VYPR
← All advisories
Medium severity4.9OSV Advisory· Published Jul 11, 2025· Updated Apr 15, 2026

CVE-2025-52994

CVE-2025-52994

Description

gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
james-heinrich/phpthumbPackagist
<= 1.7.23

Affected products

1

Patches

1
cdcbc206ae60
https://github.com/jamesheinrich/phpthumbvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.