Critical severity9.1NVD Advisory· Published Oct 17, 2025· Updated Apr 15, 2026

CVE-2025-57567

Description

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory (/themes/defaut/css/minify.php). An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel, enabling execution of system commands.

Affected products

Lukehebe/Vulnerability Disclosuresreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pluxml.comnvd
github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-57567.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000