VYPR
Unrated severityOSV Advisory· Published Dec 22, 2025· Updated Dec 22, 2025

CVE-2025-67436

CVE-2025-67436

Description

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.