9.8

CVE-2025-44658

EPSS 0.49%
Veröffentlicht 21.07.2025 00:00:00
Zuletzt bearbeitet 07.08.2025 17:57:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Rax30 Firmware Version1.0.10.94

Netgear ≫ Rax30 Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.49%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.netgear.com/about/security/

Vendor Advisory

https://gist.github.com/TPCchecker/c72eea7a3f89070dab7dfdbf7504b2d6

Broken Link

https://www.notion.so/CVE-2025-44658-24754a1113e780df8f72c779a108f75b

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-44658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-44658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-44658

EUVD