9.8

CVE-2025-44658

EPSS 0.41%
Published 21.07.2025 00:00:00
Last modified 07.08.2025 17:57:40
Source cve@mitre.org
Teams watchlist Login
Open Login

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Rax30 Firmware Version1.0.10.94

Netgear ≫ Rax30 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.608

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.netgear.com/about/security/

Vendor Advisory

https://gist.github.com/TPCchecker/c72eea7a3f89070dab7dfdbf7504b2d6

Broken Link

https://www.notion.so/CVE-2025-44658-24754a1113e780df8f72c779a108f75b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-44658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-44658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-44658

EUVD