← Retour aux CVEs
CVE-2025-44658
CRITICAL9.8
Description
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie7/21/2025
Derniere modification8/7/2025
Sourcenvd
Observations honeypot0
Produits affectes
netgear:rax30netgear:rax30_firmware
Faiblesses (CWE)
CWE-434
References
https://www.netgear.com/about/security/(cve@mitre.org)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.