Unrated severityNVD Advisory· Published Jul 21, 2025· Updated Aug 7, 2025

CVE-2025-44658

Description

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

Affected products

Netgear/RAX30description
Netgear/RAX30llm-fuzzy
Range: = V1.0.10.94

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/TPCchecker/c72eea7a3f89070dab7dfdbf7504b2d6mitre
www.netgear.com/about/security/mitre
www.notion.so/CVE-2025-44658-24754a1113e780df8f72c779a108f75bmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000