CVE-2025-34061 | THREATINT

Description

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-03 | Updated 2025-07-07 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

2016 (custom)

affected

Credits

Dimensional finder

References

raw.githubusercontent.com/...i/http/phpstudy_backdoor_rce.rb exploit

www.xp.cn/phpstudy product

cve.org (CVE-2025-34061)

nvd.nist.gov (CVE-2025-34061)

Download JSON