CVE-2025-11138

6.3 MEDIUM

📋 TL;DR

This CVE describes a remote command injection vulnerability in wenkucms versions up to 3.4. Attackers can execute arbitrary operating system commands on affected systems by exploiting the createPathOne function. Organizations using vulnerable wenkucms installations are at risk.

💻 Affected Systems

Products:
  • wenkucms
Versions: Up to and including version 3.4
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the vulnerable function are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attackers to execute arbitrary commands, install malware, exfiltrate data, or pivot to other systems.

🟠 Likely Case

Web server compromise leading to data theft, defacement, or use as a foothold for further attacks.

🟢 If Mitigated

Limited impact if proper input validation and command execution restrictions are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public exploit is available on GitHub; remote exploitation is possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 3.4

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check the current wenkucms version.
2. Upgrade to the latest version beyond 3.4.
3. Verify that the createPathOne function has proper input validation.

🔧 Temporary Workarounds

Input Validation Sanitization (applies to: all platforms)

Add strict input validation and sanitization to the createPathOne function parameters.
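To make the workaround above and the "Verify Fix Applied" check concrete, the block below is an added example written for this page; it is not wenkucms code, and it is in Python rather than the application's PHP so that the principle can be run and checked. The advisory does not reproduce createPathOne's signature, so the root directory, the function names and the assumption that the injectable input is a single directory name are all hypothetical. It places the injectable pattern (user input interpolated into a shell command line) beside two hardened forms: an argv list with no shell, and, preferably, no spawned process at all.

```python
import re
import subprocess
from pathlib import Path

# Hypothetical root under which the application creates directories; the real
# wenkucms layout is not given in the advisory.
DEFAULT_ROOT = Path("/var/www/wenkucms/data")

# Allowlist for a single directory name: letters, digits, '_', '-' and '.',
# at most 64 characters, must not start with '.' (hidden entries) and must not
# contain '..' (traversal). Shell metacharacters (; | & ` $ ( ) space, newline)
# never pass, so nothing reaching a command line can change its structure.
SEGMENT_RE = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9_.-]{0,63}$")


def validate_path_segment(segment: str) -> str:
    """Return the segment unchanged if it is a safe directory name, else raise ValueError."""
    if not isinstance(segment, str) or not SEGMENT_RE.fullmatch(segment) or ".." in segment:
        raise ValueError(f"rejected path segment: {segment!r}")
    return segment


def vulnerable_command(segment: str, root: Path = DEFAULT_ROOT) -> str:
    """The injectable pattern: request input spliced into a shell string.

    Run through a shell, a value such as 'docs; echo injected' is parsed as two
    commands. Kept here only for contrast; never execute it.
    """
    return f"mkdir -p {root}/{segment}"


def hardened_argv(segment: str, root: Path = DEFAULT_ROOT) -> list:
    """If a process must be spawned: validate first, then build an argv list.

    subprocess.run(argv, shell=False) passes each element as one argument, so
    the operating system never parses the value as shell syntax.
    """
    target = root / validate_path_segment(segment)
    return ["mkdir", "-p", str(target)]


def run_hardened(segment: str, root: Path = DEFAULT_ROOT) -> None:
    subprocess.run(hardened_argv(segment, root), shell=False, check=True)


def create_directory(segment: str, root: Path = DEFAULT_ROOT) -> Path:
    """Preferred fix: do not spawn a command at all; use the filesystem API on validated input."""
    target = root / validate_path_segment(segment)
    target.mkdir(parents=True, exist_ok=True)
    return target


if __name__ == "__main__":
    print(vulnerable_command("docs; echo injected"))  # shows the spliced command line
    print(hardened_argv("docs"))                       # argv list, input stays one argument
    for bad in ("docs; echo injected", "`id`", "$(id)", "../etc", ".hidden"):
        try:
            validate_path_segment(bad)
        except ValueError as exc:
            print(exc)
```

The allowlist is the check the verification step can exercise: feed the function a value containing a shell metacharacter and confirm it is rejected before any command is built. Rejecting rather than stripping is deliberate, since "sanitizing" by deleting characters can turn one unexpected value into another.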

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block command injection patterns
  • Restrict network access to wenkucms installation to trusted IPs only

🔍 How to Verify

Check if Vulnerable:

Check if wenkucms version is 3.4 or earlier by examining version files or configuration.

Check Version:

Check wenkucms configuration files or admin panel for version information.

Verify Fix Applied:

Confirm the version is above 3.4, then exercise the createPathOne function with input containing shell metacharacters and confirm the input is rejected or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • PHP execution-function names (system, exec, shell_exec) appearing in request parameters in web server logs

Network Indicators:

  • Unexpected outbound connections from web server
  • Command injection patterns in HTTP requests

SIEM Query:

Search web application logs for request parameters containing strings such as 'system(', 'exec(' or 'shell_exec(', or shell metacharacters, and review the source addresses and targets of the matching requests.
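The network indicator "command injection patterns in HTTP requests" and the SIEM query above can be run offline over access logs. The block below is an added example written for this page, not tooling from the advisory or the project: it parses constructed combined-format log lines (not real traffic), URL-decodes each query parameter twice to catch double encoding, and flags values that contain shell metacharacters or the PHP execution functions the advisory names (extended with passthru, popen and proc_open, which are real PHP functions but are not mentioned on the page). The same patterns are what a WAF rule for the "If You Can't Patch" bullet would match on.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (RFC 5737 test addresses), not captured traffic.
# The parameter names m/name/title are invented; the advisory does not give wenkucms's.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Oct/2025:10:00:01 +0000] "GET /index.php?m=doc&name=annual-report HTTP/1.1" 200 512
203.0.113.11 - - [05/Oct/2025:10:00:02 +0000] "GET /index.php?m=doc&name=report%3Bid HTTP/1.1" 200 640
203.0.113.12 - - [05/Oct/2025:10:00:03 +0000] "GET /index.php?m=doc&name=%60whoami%60 HTTP/1.1" 500 0
203.0.113.13 - - [05/Oct/2025:10:00:04 +0000] "POST /admin/save.php?title=system(%27ls%27) HTTP/1.1" 302 0
"""

# Common/combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Characters that change the structure of a shell command line, plus command substitution.
SHELL_META_RE = re.compile(r"[;&|`$\n]|\$\(")
# PHP functions that execute OS commands; the first three are the ones the advisory lists.
PHP_EXEC_RE = re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I)


def classify_value(value: str) -> list:
    """Return the reasons a decoded parameter value looks like a command-injection attempt."""
    reasons = []
    if SHELL_META_RE.search(value):
        reasons.append("shell-metacharacter")
    if PHP_EXEC_RE.search(value):
        reasons.append("php-exec-function")
    return reasons


def scan_log(text: str) -> list:
    """Parse access-log lines and return one finding per suspicious query parameter."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; a real pipeline would count these
        parts = urlsplit(m.group("target"))
        # parse_qsl decodes once; unquote again so %253B (double-encoded ';') is seen.
        for param, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = unquote(raw)
            reasons = classify_value(value)
            if reasons:
                findings.append({
                    "ip": m.group("ip"),
                    "timestamp": m.group("ts"),
                    "method": m.group("method"),
                    "path": parts.path,
                    "param": param,
                    "value": value,
                    "status": int(m.group("status")),
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['method']} {f['path']} {f['param']}={f['value']!r} -> {f['reasons']}")
```

Two caveats worth keeping in mind when turning this into a saved search: access logs carry only the query string, so injection in a POST body needs request-body logging or WAF logs; and `$` or `&` in legitimate values (prices, encoded text) will produce noise, so tune per parameter toward an allowlist of what each one is supposed to contain rather than growing the blocklist.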
