CVE-2025-48744
📋 TL;DR
This vulnerability in SIGB PMB allows attackers to perform Local File Inclusion (LFI) and achieve remote code execution. It affects all installations of SIGB PMB before version 8.0.1.2. Attackers can exploit this to read sensitive files and execute arbitrary code on vulnerable systems.
💻 Affected Systems
- SIGB PMB
📦 What is this software?
PMB (SIGB PMB) by SIGB: an open-source integrated library management system, written in PHP, that is deployed as a web application. "SIGB" is the French acronym for an integrated library system (Système Intégré de Gestion de Bibliothèque).
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the server, data exfiltration, and lateral movement within the network.
Likely Case
Unauthorized file access leading to sensitive information disclosure and potential code execution with limited privileges.
If Mitigated
Limited impact with proper network segmentation, web application firewalls, and restricted file permissions preventing successful exploitation.
🎯 Exploit Status
Based on CWE-22 (Path Traversal) and the description mentioning LFI leading to RCE, exploitation is likely straightforward for attackers with web application security knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.0.1.2
Vendor Advisory: https://forge.sigb.net/projects/pmb/wiki/Changelog_801#CHANGE-LOG-8012-2025-03-03
Restart Required: Yes
Instructions:
1. Back up your current PMB installation and database.
2. Download version 8.0.1.2 from the official SIGB repository.
3. Follow the upgrade instructions in the changelog.
4. Restart the web server service.
5. Verify that the update was successful.
🔧 Temporary Workarounds
Web Application Firewall Rules
Platform: all
Implement WAF rules to block path traversal attempts and LFI patterns.
WAF-specific configuration commands would depend on your specific WAF solution
File Permission Restrictions
Platform: Linux
Restrict web server user permissions so the web server can only reach the PMB tree it needs:
chmod 750 /var/www/pmb
chown -R www-data:www-data /var/www/pmb
Note that these commands only tighten permissions on the PMB directory itself; the PHP process can still read any other file its user account is allowed to read. Restricting which directories PHP may include from (for example with PHP's open_basedir directive) limits the inclusion surface more directly than file ownership alone.
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all user-controlled file paths
- Deploy network segmentation to isolate the PMB server from critical systems
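The input-validation workaround above is the one that actually closes an LFI, so here is what "strict validation of user-controlled file paths" looks like in practice. This is an added illustration in Python, not PMB's own code (PMB is a PHP application, and its real include layout is not assumed here); the base directory, the allowlisted file names and the `page`-style inputs are constructed for the example. The check combines three layers: reject null bytes and absolute paths outright, canonicalise the candidate and confirm it stays under the include directory, and finally require an exact match against an allowlist of known includes.

```python
import os

# Constructed values for the example; PMB's real directory layout is not assumed.
BASE_DIR = "/var/www/pmb"
ALLOWED_INCLUDES = frozenset({
    "includes/header.php",
    "includes/footer.php",
})


def resolve_include(base_dir: str, requested: str, allowed: frozenset) -> str:
    """Map a user-supplied include name to an absolute path under base_dir.

    Raises ValueError for anything that is not an exact allowlisted entry or
    that would resolve outside base_dir after canonicalisation.
    """
    if "\x00" in requested:
        raise ValueError("null byte in requested path")
    if not requested or os.path.isabs(requested) or requested.startswith(("/", "\\")):
        raise ValueError("absolute paths are not accepted")

    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))

    # Canonical containment check: after resolving "..", symlinks and
    # redundant separators, the file must still sit below the base directory.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("requested path escapes the include directory")

    # Exact allowlist match on the caller's input, not on the resolved path, so
    # "includes/../includes/header.php" is refused even though it resolves safely.
    if requested not in allowed:
        raise ValueError("requested path is not allowlisted")

    return candidate


def is_safe_include(requested: str) -> bool:
    """Convenience wrapper: True if the request would be accepted, else False."""
    try:
        resolve_include(BASE_DIR, requested, ALLOWED_INCLUDES)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for probe in ("includes/header.php", "../../../etc/passwd",
                  "includes/../includes/header.php", "includes/header.php\x00.txt"):
        print(f"{probe!r:45} -> {'accept' if is_safe_include(probe) else 'reject'}")
```

The allowlist is the decisive control: with it in place the containment check is defence in depth rather than the only barrier, which matters because canonicalisation alone has historically been bypassed by encoding and null-byte tricks.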
🔍 How to Verify
Check if Vulnerable:
Check the PMB version in the administration interface or by examining the software files. If the version is below 8.0.1.2, the system is vulnerable.
Check Version:
Check the PMB admin interface or examine the version.php file in the PMB installation directory
Verify Fix Applied:
After patching, verify the version shows 8.0.1.2 or higher in the administration panel. Test that file inclusion attempts are properly blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual file path patterns in web server logs
- Multiple failed attempts to access files outside web root
- Suspicious PHP file execution attempts
Network Indicators:
- HTTP requests with ../ patterns in parameters
- Unusual outbound connections from web server
SIEM Query:
web_access_logs | where url contains "../" or url contains "..\\" or url contains "%2e%2e%2f"
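The log indicators and SIEM query above match only literal and single-encoded traversal. The following added example (not part of the original advisory) runs the same detection logic over constructed Apache combined-format log lines and decodes each request target repeatedly before matching, so double-encoded sequences such as %252e%252e%252f are caught too. The client addresses, timestamps and the `page` query parameter are constructed for the example and are not real PMB parameters or traffic.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (Apache combined log format); not real PMB traffic.
# Line 6 contains literal backslashes ("\\" in the Python source is one backslash).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Mar/2025:10:15:01 +0000] "GET /pmb/index.php?lvl=more_results HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Mar/2025:10:15:02 +0000] "GET /pmb/index.php?page=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.7 - - [03/Mar/2025:10:15:03 +0000] "GET /pmb/index.php?page=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 210 "-" "curl/8.0"
203.0.113.7 - - [03/Mar/2025:10:15:04 +0000] "GET /pmb/index.php?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210 "-" "curl/8.0"
203.0.113.9 - - [03/Mar/2025:10:15:05 +0000] "GET /pmb/styles/common.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Mar/2025:10:15:06 +0000] "GET /pmb/index.php?page=..\\..\\windows\\win.ini HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# Extracts the request line: method, target (path + query) and protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A traversal step is ".." followed by either separator, checked after decoding.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so double-encoding cannot hide '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(target: str) -> bool:
    """True if the decoded request target contains a directory-traversal step."""
    return bool(TRAVERSAL_RE.search(decode_fully(target)))


def scan_log(log_text: str) -> list:
    """Return one record per log line whose request target shows traversal."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        if find_traversal(target):
            hits.append({
                "line": lineno,
                "client": line.split(" ", 1)[0],
                "target": target,
                "decoded": decode_fully(target),
            })
    return hits


def clients_over_threshold(hits: list, threshold: int = 2) -> dict:
    """Clients with at least `threshold` traversal attempts: repeated probing
    from one address is the 'multiple failed attempts' indicator above."""
    counts = {}
    for hit in hits:
        counts[hit["client"]] = counts.get(hit["client"], 0) + 1
    return {client: n for client, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for hit in found:
        print(f"line {hit['line']}: {hit['client']} -> {hit['decoded']}")
    print("repeat offenders:", clients_over_threshold(found))
```

Matching on the decoded target rather than the raw URL is the point: a rule that only looks for the literal "../" string misses the two encoded variants in the sample, while decoding with a bounded number of rounds keeps the check cheap and avoids looping on pathological input. The same decode-then-match approach can be expressed in most SIEM query languages with a url-decode function where one is available.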