VYPR
Unrated severityNVD Advisory· Published Jul 21, 2025· Updated Aug 7, 2025

CVE-2025-44658

CVE-2025-44658

Description

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Netgear/RAX30cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = V1.0.10.94

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.