CVE-2025-67887
published 2026-05-08CVE-2025-67887: 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.55%
72.0th percentile
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged users who can upload new translated pages to the website.
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://dev.1c-bitrix.ru/api_help/translate/index.phphttps://dev.1c-bitrix.ru/learning/course/?COURSE_ID=43&LESSON_ID=3055https://karmainsecurity.com/pocs/CVE-2025-67887.phphttps://seclists.org/fulldisclosure/2025/Dec/22https://www.1c-bitrix.ru/support/index.phphttp://seclists.org/fulldisclosure/2025/Dec/22https://karmainsecurity.com/pocs/CVE-2025-67887.php
2026-05-08
Published