CVE-2025-25691
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a c
CVSS
6.5
Medio
EPSS
0.8%
p51
KEV
—
Exploit Today
15
0-100
Publicado: 30 jul 2025 · Última mod.: 5 jul 2026 · CWE-77 · CWE-502
0.8%EPSS · 30 días0.8%
2026-06-302026-07-17
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-422379.8 CRÍ99.9%
KEV—80Sitecore XP Remote Command Execution Vulnerability8dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2026-456598.8 ALT86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability15dCVE-2026-586449.8 CRÍ70.7%
KEV—71Microsoft SharePoint Deserialization of Untrusted Data Vulnerability13hCVE-2026-125699.8 CRÍ66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.9d