CVE-2025-25691
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a c
CVSS
6.5
Medium
EPSS
0.8%
p51
KEV
—
Exploit Today
15
0-100
Published: Jul 30, 2025 · Last modified: Jul 5, 2026 · CWE-77 · CWE-502
0.8%EPSS · 30 days0.8%
2026-06-302026-07-17
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-422379.8 CRI99.9%
KEV—80Sitecore XP Remote Command Execution Vulnerability8dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2026-456598.8 HIG86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability15dCVE-2026-586449.8 CRI70.7%
KEV—71Microsoft SharePoint Deserialization of Untrusted Data Vulnerability13hCVE-2026-125699.8 CRI66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2023-349609.8 CRI99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.9d