CVE-2025-32931
📋 TL;DR
CVE-2025-32931 is an authenticated remote code execution vulnerability in DevDojo Voyager that allows authenticated administrators to execute arbitrary operating system commands via a specific php artisan command. This affects Voyager versions 1.4.0 through 1.8.0 when used with Laravel 8 or later. The vulnerability stems from improper neutralization of argument delimiters in a command (CWE-88).
💻 Affected Systems
- DevDojo Voyager
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary commands with the privileges of the web server process, potentially leading to data theft, lateral movement, or full server takeover.
Likely Case
Authenticated administrators (or attackers who compromise admin credentials) can execute arbitrary commands on the server, potentially installing malware, exfiltrating data, or creating backdoors.
If Mitigated
With proper access controls and network segmentation, impact is limited to the specific web server instance, though command execution capabilities remain dangerous.
🎯 Exploit Status
Exploitation requires authenticated administrator access. The vulnerability is in the Compass feature's command execution functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.1 or later
Vendor Advisory: https://github.com/thedevdojo/voyager/security/advisories
Restart Required: Yes
Instructions:
1. Update Voyager to version 1.8.1 or later using composer update thedevdojo/voyager.
2. Clear Laravel cache with php artisan cache:clear.
3. Restart your web server and queue workers if applicable.
🔧 Temporary Workarounds
Disable Compass Feature
Disable the Voyager Compass feature which contains the vulnerable command execution functionality.
Set 'compass_enabled' => false in config/voyager.php
Restrict Admin Access
Implement strict access controls to limit who can access the Voyager admin interface.
Implement IP whitelisting, multi-factor authentication, or additional authorization layers
🧯 If You Can't Patch
- Implement network segmentation to isolate the Voyager instance from critical systems
- Enable detailed logging and monitoring of all admin activities and command executions
🔍 How to Verify
Check if Vulnerable:
Check your Voyager version in composer.json or run php artisan voyager:version. If the version is between 1.4.0 and 1.8.0 inclusive, you are vulnerable.
Check Version:
php artisan voyager:version
Verify Fix Applied:
After updating, verify that the version is 1.8.1 or later and test that command execution through Compass is properly sanitized.
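The version check above can also be run against composer.lock, which records the release that is actually installed rather than the constraint in composer.json. The following is an added example, not a script from this site or from the Voyager project: the function names and the sample lock file are constructed, the version range is the one stated on this page, and the check also accepts tcg/voyager, the name Voyager is published under on Packagist.

```python
import json
import re

# Range stated on this page: 1.4.0 through 1.8.0 inclusive, fixed in 1.8.1.
VULN_MIN = (1, 4, 0)
VULN_MAX = (1, 8, 0)
# Name used on this page, plus the Packagist name Voyager is published under.
PACKAGES = {"thedevdojo/voyager", "tcg/voyager"}


def parse_version(raw):
    """Return (major, minor, patch) for tags like 'v1.6.0' or '1.8', else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(?:[-+].*)?", raw.strip())
    if not m:
        return None  # e.g. 'dev-master' or '1.x-dev': not a tagged release
    return tuple(int(g or 0) for g in m.groups())


def voyager_status(lock_text):
    """Classify composer.lock: vulnerable, patched, unaffected, unknown or absent."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() not in PACKAGES:
                continue
            version = parse_version(pkg.get("version", ""))
            if version is None:
                return "unknown"  # branch install: inspect the locked commit by hand
            if VULN_MIN <= version <= VULN_MAX:
                return "vulnerable"
            return "patched" if version > VULN_MAX else "unaffected"
    return "absent"


# Constructed sample, trimmed to the fields the check reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v10.48.4"},
        {"name": "tcg/voyager", "version": "v1.6.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(voyager_status(SAMPLE_LOCK))
```

To check a real project, pass the contents of its composer.lock to voyager_status; an "unknown" result means Voyager is installed from a branch and the locked commit has to be compared against the fix manually.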
📡 Detection & Monitoring
Log Indicators:
- Unusual php artisan commands executed via web interface
- Commands with shell metacharacters in Voyager logs
- Multiple failed authentication attempts to admin panel
Network Indicators:
- Unusual outbound connections from web server to external systems
- Large data transfers from web server
SIEM Query:
source="voyager" AND (command="artisan" OR command="php artisan") AND user_agent="web-browser"