CVE-2025-34292 | P2 | CRITICAL | CVSS 9.4 | fixed in c60bf04c2464c4bfb6cfed6372a2890ca2d0c585 | 2025-10-27
CVE-2025-34292 [CRITICAL] CWE-502
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize(): the POST parameter `formkit_memory_recovery` in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by \RoxModelBase::getMemoryCookie (bwRemember)
nvd