CVE Catalog

CVE-2025-69127

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

Plumbing versions up to 1.6 are vulnerable to unauthenticated PHP object injection, potentially allowing unauthorized access to the system.

Risk Assessment

Organizations may be exposed to attacks that enable remote code execution or access to sensitive data.

Recommendation

It is recommended to upgrade to the latest version of Plumbing to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS