CVE-2025-52207

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-52207
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52207.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-52207
Published
2025-06-27T17:15:34.333Z
Modified
2026-04-10T05:39:13.758291Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
Summary
[none]
Details

PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.

References

Affected packages

Git / github.com/mikopbx/Core

Affected ranges

Type
GIT
Repo
https://github.com/mikopbx/Core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
564466a72b0ec2c8b00be83d2e3429f5ae971574
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2024.1.114"
        }
    ]
}
Type
GIT
Repo
https://github.com/mikopbx/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3ee785429d3f1b33c9ab387ef4221127c9b8c5f3

Affected versions

2019.*
2019.4.5
2019.4.53
2020.*
2020.1.124
2020.1.62
2020.1.72
2024.*
2024.1.114
2024.2.111-dev
2024.2.28-dev
7.*
7.1.1.5
7.2.5.30
7.3.13.155
7.3.13.160
7.3.13.161
7.3.13.162

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52207.json"