CVE-2026-25510
published 2026-02-03
Priority: P2 63 · Severity: high · CVSS 3.1 base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.80% (52.2nd percentile)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve remote code execution (RCE): by leveraging the file creation and save endpoints, the attacker can write arbitrary PHP code into a web-accessible directory and then execute it on the server. This issue has been patched in version 0.28.5.0.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ci4-cms-erp | ci4ms | < 0.28.5.0 | 0.28.5.0 |
| ci4-cms-erp | ci4ms | >= 0 < 0.28.5.0 | 0.28.5.0 |
Detection & IOCs (extracted from sources)
- An authenticated user with file editor permissions abuses the file creation and save endpoints to upload and execute arbitrary PHP code on the server, resulting in RCE.
- Only CI4MS versions prior to 0.28.5.0 are affected; exploitation requires an authenticated session with file editor permissions (not unauthenticated).
- The issue has been patched; upgrading to version 0.28.5.0 or later remediates the vulnerability.
GHSA
ghsa · 2026-02-02
CVE-2026-25510 [CRITICAL] CWE-434: CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
**Summary**
A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution (RCE). By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server.
**Vulnerability Details**
The vulnerability exists in the /backend/fileeditor/createFile and /backend/fileeditor/save API endpoints.
- Unrestricted File Creation: The createFile endpoint allows users to create files with any extension (including .php) in web-accessible directories such as /public.
- Arbitrary Content Injection: The save endpoint allows users to write arbitrary content into the created fil
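The two missing controls above (an extension and directory allowlist on createFile, and a containment check before save writes) are shown below as an added example in Python, not CI4MS's own PHP code, so the checks can be exercised stand-alone; the vulnerable one-liner models the behaviour the advisory describes, and the hardened function rejects a request before anything touches the filesystem. Because the page indexes no detection rule, the same block also runs a simple access-log heuristic for the resulting pattern: an editor write POST followed by a GET of a PHP file that is not an application entry point. The endpoint paths come from the advisory; the install directory, the editable subtree, the accepted extensions, the single entry point /index.php and the log lines are assumptions constructed for the example.

```python
"""Added example, not CI4MS's own code: models the two checks the advisory says the
file editor lacked, and a log heuristic for the resulting attack pattern.
Endpoint paths come from the advisory; the directory layout, the 'path' argument,
the Apache common log format and the entry-point list are assumptions."""
import os
import posixpath
import re
from datetime import datetime

APP_ROOT = "/var/www/ci4ms"          # assumed install location
EDITABLE_ROOT = "writable/editor"    # assumed: the only subtree the editor may write to
WEB_ROOT = "public"                  # CI4 document root: a .php written here is executable
ALLOWED_EXTENSIONS = {"txt", "md", "css", "js", "json", "html"}
ENTRY_POINTS = {"/index.php"}        # the only PHP file legitimately served from public/

def vulnerable_create_file(user_path: str) -> str:
    """The behaviour the advisory describes: any name, any extension, anywhere under the app."""
    return os.path.normpath(os.path.join(APP_ROOT, user_path.lstrip("/")))

def hardened_create_file(user_path: str) -> str:
    """Return the absolute path to create, or raise ValueError with the reason."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    rel = posixpath.normpath(user_path.replace("\\", "/")).lstrip("/")
    if rel in ("", ".", "..") or rel.startswith("../"):
        raise ValueError("path escapes application root")
    if rel == WEB_ROOT or rel.startswith(WEB_ROOT + "/"):
        raise ValueError("web-accessible directory")
    if not rel.startswith(EDITABLE_ROOT + "/"):
        raise ValueError("path outside editable root")
    parts = posixpath.basename(rel).lower().split(".")
    # Every dotted segment must be allowed, so 'shell.php.txt' and '.htaccess' fail too.
    if len(parts) < 2 or any(p == "" for p in parts):
        raise ValueError("missing or empty extension")
    bad = [p for p in parts[1:] if p not in ALLOWED_EXTENSIONS]
    if bad:
        raise ValueError(f"extension not allowed: {bad[0]}")
    full = os.path.realpath(os.path.join(APP_ROOT, rel))
    editable = os.path.realpath(os.path.join(APP_ROOT, EDITABLE_ROOT))
    if os.path.commonpath([full, editable]) != editable:  # symlink escape after resolution
        raise ValueError("resolved path leaves editable root")
    return full

def check(user_path: str) -> str:
    """'ALLOW <absolute path>' or 'DENY <reason>' for a requested path."""
    try:
        return "ALLOW " + hardened_create_file(user_path)
    except ValueError as e:
        return "DENY " + str(e)

# Detection: an editor write POST followed, from the same client, by a GET of an unknown .php.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)')
EDITOR_WRITE = ("/backend/fileeditor/createFile", "/backend/fileeditor/save")

def find_webshell_candidates(log_text: str, window_s: int = 600) -> list[tuple[str, str]]:
    """Return (client_ip, php_path) for each 200 GET of a non-entry-point .php made within
    window_s seconds after the same client hit createFile or save."""
    last_write: dict[str, datetime] = {}
    hits: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path in EDITOR_WRITE:
            last_write[m["ip"]] = ts
        elif m["method"] == "GET" and path.lower().endswith(".php") and path not in ENTRY_POINTS:
            t0 = last_write.get(m["ip"])
            if t0 and 0 <= (ts - t0).total_seconds() <= window_s and m["status"] == "200":
                hits.append((m["ip"], path))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [03/Feb/2026:10:01:02 +0000] "POST /backend/fileeditor/createFile HTTP/1.1" 200 51
10.0.0.5 - admin [03/Feb/2026:10:01:04 +0000] "POST /backend/fileeditor/save HTTP/1.1" 200 44
10.0.0.5 - - [03/Feb/2026:10:01:09 +0000] "GET /x.php?cmd=id HTTP/1.1" 200 312
10.0.0.7 - editor [03/Feb/2026:10:05:00 +0000] "POST /backend/fileeditor/save HTTP/1.1" 200 44
10.0.0.7 - editor [03/Feb/2026:10:05:10 +0000] "GET /index.php?page=blog HTTP/1.1" 200 2048
10.0.0.9 - - [03/Feb/2026:11:30:00 +0000] "GET /old.php HTTP/1.1" 404 199
"""

if __name__ == "__main__":
    for p in ("public/x.php", "writable/editor/shell.php.txt", "writable/editor/../../public/x.php",
              "../etc/cron.d/job", "writable/editor/.htaccess", "writable/editor/notes.md"):
        print(check(p))
    print(find_webshell_candidates(SAMPLE_LOG))
```

The allowlist checks every dotted segment of the name rather than only the last one, because a web server configured with AddHandler or MultiViews can execute shell.php.txt, and the final commonpath comparison on the resolved path catches a symlink planted inside the editable tree. The log heuristic is deliberately coarse: POST bodies are not logged, so it cannot see which file was created and keys instead on the client making a write call and then fetching a PHP file the application does not normally serve; tune ENTRY_POINTS and window_s to the deployment.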
OSV
osv · 2026-02-02
CVE-2026-25510 [CRITICAL] CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
No detection rules found.
No public exploits indexed.
Published: 2026-02-03