CVE-2025-57567
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk53th percentile - higher than 53% of all known CVEs
Summary
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file under the default theme directory. An authenticated administrator can overwrite this file with arbitrary PHP code via the admin panel.
Risk Assessment
An attacker with admin privileges can execute arbitrary system commands, leading to full server compromise and data breach.
Recommendation
Update PluXml CMS to the latest version immediately, restrict admin privileges to trusted users, and protect the minify.php file from unauthorized writes.
Original NVD description (English source)
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory (/themes/defaut/css/minify.php). An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel, enabling execution of system commands.

