CVE-2025-25691

CVSS 6.5 MEDIUMEPSS 0.7%CWE-502 CWE-77

A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://dem0.com http://dem0.com/admin/index.php/improve/design/themes/import?_token=btRUtV2Om2noliZZjeFQZhlMY3gYivjABbPOjP91L6U http://prestashop.com https://github.com/3em0/cve_repo/blob/main/preshop/CVE-2025-25691.md https://github.com/PrestaShop/PrestaShop