CVE-2025-41734
Published: 18 November 2025
Description
An unauthenticated remote attacker can execute arbitrary php files and gain full access of the affected devices.
Mitigating Controls (NIST 800-53 r5)AI
Timely identification, reporting, and patching of the PHP arbitrary execution flaw directly prevents unauthenticated remote exploitation.
Validates external inputs to PHP file operations, blocking malicious file paths or payloads that enable arbitrary code execution.
Restricts inputs to authorized file types and paths, preventing unauthenticated attackers from specifying arbitrary PHP files for execution.
Security SummaryAI
CVE-2025-41734, published on 2025-11-18, is a high-severity vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) mapped to CWE-98. It enables an unauthenticated remote attacker to execute arbitrary PHP files on affected devices, potentially leading to full system compromise.
The vulnerability can be exploited by any unauthenticated attacker with network access, requiring low complexity and no privileges or user interaction. Successful exploitation grants full access to the affected devices, allowing arbitrary code execution with high impact on confidentiality, integrity, and availability.
Mitigation details are available in the referenced advisory at https://certvde.com/de/advisories/VDE-2025-097.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows unauthenticated remote code execution via arbitrary PHP file execution on a public-facing application, directly mapping to Exploitation of Public-Facing Application (T1190).