CVE-2025-52207

moderate-risk
Published 2025-06-27

PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.

Do I need to act?

~
7.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 3ee785429d3f1b33c9ab387ef4221127c9b8c5f3
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

References (2)

https://github.com/mikopbx/Core/commit/3ee785429d3f1b33c9ab387ef4221127c9b8c5f3
https://www.mikopbx.com/
48
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 10/34 · Low
Exposure 5/34 · Minimal