Unrated severityOSV Advisory· Published Dec 22, 2025· Updated Dec 22, 2025
CVE-2025-67436
CVE-2025-67436
Description
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.