VYPR

Rox

by Bewelcome

Source repositories

CVEs (1)

  • CVE-2025-34292CriOct 27, 2025
    risk 0.54cvss epss 0.01

    Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize(): the POST parameter `formkit_memory_recovery` in \\RoxPostHandler::getCallbackAction and…