CVE Catalog

CVE-2025-57567

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.83%

53th percentile - higher than 53% of all known CVEs

Summary

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file under the default theme directory. An authenticated administrator can overwrite this file with arbitrary PHP code via the admin panel.

Risk Assessment

An attacker with admin privileges can execute arbitrary system commands, leading to full server compromise and data breach.

Recommendation

Update PluXml CMS to the latest version immediately, restrict admin privileges to trusted users, and protect the minify.php file from unauthorized writes.

Original NVD description (English source)

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory (/themes/defaut/css/minify.php). An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel, enabling execution of system commands.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS