← Back

CVE-2025-44658

nvd nist
Published: Jul 21, 2025Modified: Aug 7, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

Affected (1)

Netgear
1 product
Rax30 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax30 Firmware
Version 1.0.10.94
Running on/withPlatform Versions
Netgear
Rax30
All versions

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (3)

Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory

Timeline

No history available yet.