CVE-2025-30091

Vulnerability Description

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed.

Related Weaknesses (CWE)

CWE-96

References

https://www.moxiemanager.com/changelog/
https://www.moxiemanager.com/documentation/SEC-1063.php

FAQ

What is CVE-2025-30091?

CVE-2025-30091 is a documented vulnerability. In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-cont...

How severe is CVE-2025-30091?

CVSS scoring is not yet available for CVE-2025-30091. Check NVD for updates.

Is there a patch for CVE-2025-30091?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.