CVE-2025-22973

7.5 HIGH

📋 TL;DR

This vulnerability in QiboSoft QiboCMS X1.0 allows remote attackers to retrieve sensitive information by exploiting the http_curl() function in the common.php file. Attackers can access URL response content that should be protected, potentially exposing internal data. All users running QiboCMS X1.0 are affected.

💻 Affected Systems

Products:
  • QiboSoft QiboCMS
Versions: X1.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation when the http_curl() function is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete exposure of internal system information, configuration files, database credentials, and sensitive user data through information disclosure.

🟠 Likely Case

Partial information disclosure revealing system paths, configuration details, or limited sensitive data that could enable further attacks.

🟢 If Mitigated

Minimal impact with proper input validation and access controls preventing unauthorized URL access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of the application's URL handling and may need some authentication depending on implementation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after X1.0 (check vendor for specific version)

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Check the QiboSoft vendor website for security updates.
2. Apply the latest patch for QiboCMS.
3. Verify that the http_curl() function has proper input validation and access controls.

🔧 Temporary Workarounds

Restrict http_curl() Function Access (applies to: all)

Implement access controls to restrict who can call the vulnerable http_curl() function.

Input Validation for URL Parameters (applies to: all)

Add strict input validation to prevent unauthorized URL requests through the http_curl() function.
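The two workarounds above (restricting who may call the fetch function, and validating the URL it is given) can be combined in one guarded wrapper. The following is an added example, not QiboCMS code; the allowlist, the role check and the function names are hypothetical, and it assumes PHP with the curl extension.

```php
<?php
// Added example (not QiboCMS code): a guarded replacement for an
// unrestricted URL fetch such as the http_curl() described above.
// The allowlist and the $isAuthorized callback are application-specific
// and hypothetical.

function safe_url_check(string $url, array $allowedHosts): ?array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null; // reject file://, gopher://, dict:// and similar schemes
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return null; // host is not on the allowlist
    }
    // gethostbyname() returns the hostname unchanged on failure, which
    // FILTER_VALIDATE_IP then rejects along with loopback, RFC 1918 and
    // other reserved ranges.
    $ip = gethostbyname($host);
    if (filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
        return null;
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    return ['host' => $host, 'ip' => $ip, 'port' => $port];
}

function guarded_http_curl(string $url, array $allowedHosts, callable $isAuthorized): ?string
{
    if (!$isAuthorized()) {
        return null; // access control: not every caller may fetch URLs
    }
    $target = safe_url_check($url, $allowedHosts);
    if ($target === null) {
        return null;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // a redirect could point at an internal host
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        // pin the address that was validated, closing the DNS-rebinding window
        CURLOPT_RESOLVE => ["{$target['host']}:{$target['port']}:{$target['ip']}"],
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}

// Constructed usage: only api.example.com may be fetched, and only by admins.
$allowed = ['api.example.com'];
$isAdmin = static fn(): bool => ($_SESSION['role'] ?? '') === 'admin'; // hypothetical role check
var_dump(guarded_http_curl('http://127.0.0.1/', $allowed, $isAdmin) === null);     // true: loopback blocked
var_dump(guarded_http_curl('file:///etc/hosts', $allowed, $isAdmin) === null);     // true: scheme blocked
var_dump(guarded_http_curl('https://other.example.net/', $allowed, $isAdmin) === null); // true: not allowlisted
```

Two design points: redirects are disabled because a permitted host could otherwise redirect the fetch to an internal address, and CURLOPT_RESOLVE pins the IP that passed validation so a second DNS lookup by curl cannot return a different answer. gethostbyname() only resolves IPv4; an IPv6-enabled deployment should resolve and filter AAAA records the same way.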

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block suspicious URL requests
  • Restrict network access to the QiboCMS application to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Review /application/common.php file for the http_curl() function and check if it properly validates URL inputs and restricts access.

Check Version:

Check QiboCMS version in admin panel or configuration files

Verify Fix Applied:

Test that the http_curl() function now validates URL inputs and restricts access to authorized users only.

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL requests to the http_curl() function
  • Multiple failed attempts to access restricted URLs

Network Indicators:

  • HTTP requests with unusual URL parameters targeting the common.php file

SIEM Query:

source="web_server" AND (uri="*common.php*" OR uri="*http_curl*") AND (status=200 OR status=403)
