CVE-2025-25691 | THREATINT

Description

A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.

PUBLISHED Reserved 2025-02-07 | Published 2025-07-30 | Updated 2025-07-30 | Assigner mitre

References

github.com/PrestaShop/PrestaShop

prestashop.com

dem0.com

dem0.com/...oken=btRUtV2Om2noliZZjeFQZhlMY3gYivjABbPOjP91L6U

github.com/3em0/cve_repo/blob/main/preshop/CVE-2025-25691.md

cve.org (CVE-2025-25691)

nvd.nist.gov (CVE-2025-25691)

Download JSON