CRITICAL🇵🇱 Wersja polska

CVE-2025-63888

CVSS 9.8v3.1pub. 2025-11-20upd. 2025-11-25

The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-98 (PHP Remote File Inclusion) and indicates improper neutralization of include/require directives in PHP. The read function responsible for loading template files does not properly validate supplied input data, allowing an attacker to inject or specify a malicious file to be included and executed by the PHP interpreter. The attack requires no privileges or prior authentication.

Impact

An attacker can remotely execute arbitrary PHP code on the server, which in practice means complete takeover of the application and potentially the entire server, including access to sensitive data, modification of resources, and violation of system availability.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until the fix is implemented, it is recommended to restrict access to the application at the firewall level and monitor suspicious HTTP requests.

Who is affected

ThinkPHP version 5.0.24

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Thinkphp

    APP
    Thinkphp
    5.0.24
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2018-25270CRITICAL9.3PL ✓ten sam produkt

ThinkPHP 5.0.23 — zdalne wykonanie kodu przez parametr routingu (RCE)

CVE-2025-50707CRITICAL9.8PL ✓ten sam produkt

RCE w ThinkPHP 3 — wykonanie kodu przez komponent index.php

CVE-2025-50706CRITICAL9.8PL ✓ten sam produkt

RCE w ThinkPHP 5.1 przez funkcję routecheck

CVE-2024-48112CRITICAL9.8PL ✓ten sam produkt

ThinkPHP: RCE poprzez deserializację w Index.php (CVE-2024-48112)

CVE-2024-44902CRITICAL9.8PL ✓ten sam produkt

Krytyczna podatność deserialization RCE w ThinkPHP v6.1.3–v8.0.4