CVE-2025-49141

8.5 HIGH

📋 TL;DR

CVE-2025-49141 is an OS command injection vulnerability in HAX CMS PHP's gitImportSite functionality. Authenticated attackers can execute arbitrary commands on the backend server by crafting malicious URLs that bypass input validation. This affects all HAX CMS PHP installations prior to version 11.0.3.

💻 Affected Systems

Products:
  • HAX CMS PHP
Versions: All versions prior to 11.0.3
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the gitImportSite functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise allowing data exfiltration, lateral movement, ransomware deployment, or complete system takeover.

🟠 Likely Case: Unauthorized data access, privilege escalation, backdoor installation, or service disruption.

🟢 If Mitigated: Limited impact due to network segmentation, minimal user privileges, and proper input validation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but uses simple command injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.0.3

Vendor Advisory: https://github.com/haxtheweb/issues/security/advisories/GHSA-g4cf-pp4x-hqgw

Restart Required: No

Instructions:

1. Update HAX CMS PHP to version 11.0.3 or later.
2. Verify the patch is applied by checking the gitImportSite functionality.
3. Test the fix with safe input validation.

🔧 Temporary Workarounds

Disable gitImportSite functionality (applies to: all)

Temporarily disable the vulnerable gitImportSite endpoint until patching is complete.

# Modify your HAX CMS configuration to disable gitImportSite
# Or use web server rules to block access to the endpoint

Implement input validation proxy (applies to: all)

Add an additional input validation layer before requests reach the vulnerable function.

# Add custom validation in your application middleware
# Example: Validate URL format and reject suspicious patterns
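The validation layer the workaround above describes, as an added example that is not HAX CMS code: a Python check (assumed to sit in a middleware or proxy in front of the import endpoint, which is assumed to receive a plain repository URL) that accepts only an https URL to an allowlisted host with a simple owner/repo path and rejects anything carrying whitespace or shell metacharacters. The host allowlist and the sample URLs are constructed assumptions, not values from the advisory.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of git hosts an import may be fetched from; constructed for
# this example, not taken from the advisory. Narrow it to your own deployment.
ALLOWED_HOSTS = frozenset({"github.com", "gitlab.com"})

# A hosted repository path is exactly /owner/repo with an optional .git suffix.
_REPO_PATH = re.compile(r"^/([A-Za-z0-9._-]+)/([A-Za-z0-9._-]+?)(?:\.git)?/?$")

# Whitespace, control bytes and characters a shell could interpret never belong
# in a repository URL, so any occurrence is rejected before parsing.
_SHELL_META = re.compile(r"[\s;&|`$<>()\\'\"{}\x00-\x1f]")


def validate_import_url(url: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a URL submitted to a git-import endpoint."""
    if not url or len(url) > 256:
        return False, "empty or too long"
    if _SHELL_META.search(url):
        return False, "contains whitespace or shell metacharacter"
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "invalid port"
    if parts.username or parts.password or port:
        return False, "userinfo or explicit port not allowed"
    if parts.hostname not in ALLOWED_HOSTS:
        return False, "host not in allowlist"
    if parts.query or parts.fragment:
        return False, "query or fragment not allowed"
    match = _REPO_PATH.match(parts.path)
    if not match:
        return False, "path is not /owner/repo"
    owner, repo = match.groups()
    if set(owner) <= {"."} or set(repo) <= {"."}:
        return False, "dot-only path segment"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples: a legitimate import and one carrying a shell separator.
    for c in ("https://github.com/example-org/example-site.git",
              "https://github.com/example-org/site;id"):
        print(c, "->", validate_import_url(c))
```

The rejection reason is returned so the proxy can write it to its log, which feeds the "multiple failed validation attempts" indicator listed under Detection & Monitoring.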

🧯 If You Can't Patch

  • Restrict access to authenticated users with minimal privileges only.
  • Implement network segmentation to isolate HAX CMS from critical systems.

🔍 How to Verify

Check if Vulnerable:

Check if your HAX CMS PHP version is below 11.0.3 and if gitImportSite functionality is accessible.

Check Version:

Check HAX CMS PHP version in admin panel or configuration files.

Verify Fix Applied:

Confirm version is 11.0.3 or higher and test gitImportSite with safe input to ensure proper validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to the gitImportSite endpoint
  • Suspicious command strings in server logs
  • Multiple failed validation attempts

Network Indicators:

  • Unexpected outbound connections from HAX CMS server
  • Command output being sent via HTTP requests

SIEM Query:

search 'POST /gitImportSite' AND (suspicious_command OR validation_bypass)
