CVE-2025-25692
A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a craft
CVSS
6.5
Medio
EPSS
0.6%
p46
KEV
—
Exploit Today
14
0-100
Publicado: 30 jul 2025 · Última mod.: 5 jul 2026 · CWE-77 · CWE-502
0.6%EPSS · 30 días0.8%
2026-06-302026-07-17
A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-422379.8 CRÍ99.9%
KEV—80Sitecore XP Remote Command Execution Vulnerability8dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2026-456598.8 ALT86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability16dCVE-2026-586449.8 CRÍ70.7%
KEV—71Microsoft SharePoint Deserialization of Untrusted Data Vulnerability20hCVE-2026-125699.8 CRÍ66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.9d