CVE-2025-5499

CVSS 7.3 (HIGH)

📋 TL;DR

This high-severity vulnerability (CVSS 7.3) in slackero phpwcms is a deserialization flaw in the image_resized.php component: a manipulated image-file parameter reaches unserialize() with attacker-controlled data, giving unauthenticated remote attackers PHP object injection and, where the deployed code base offers a usable gadget chain, arbitrary code execution as the web server user. All 1.9.x releases up to 1.9.45 and all 1.10.x releases up to 1.10.8 are affected.

💻 Affected Systems

Products:
  • slackero phpwcms
Versions: 1.9.x up to and including 1.9.45; 1.10.x up to and including 1.10.8
Operating Systems: All (any platform running PHP)
Default Config Vulnerable: ⚠️ Yes
Notes: Every installation shipping the vulnerable image_resized.php is affected regardless of configuration; no setting turns the deserialization path off.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution as the web server user, leading to complete compromise of the host, theft of the database and uploaded content, and a persistent backdoor planted in the web root.

🟠 Likely Case: Unauthenticated PHP object injection; where the deployed code base offers a usable gadget chain this becomes arbitrary command execution, access to the phpwcms configuration and database credentials, and a foothold for pivoting into the internal network.

🟢 If Mitigated: Upgrading to 1.9.46 or 1.10.9 closes the flaw. Making image_resized.php unreachable, WAF rules for serialized payloads and network segmentation only reduce exposure until the patch is applied.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing systems prime targets.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require initial network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available, making this easily weaponizable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.46 (1.9.x branch) and 1.10.9 (1.10.x branch)

Vendor Advisory: https://github.com/slackero/phpwcms/releases/tag/v1.10.9

Restart Required: No (PHP picks up replaced files on the next request; if OPcache runs with opcache.validate_timestamps=0, reset the cache or restart PHP-FPM so the old code is not served)

Instructions:

1. Back up the phpwcms installation and its database.
2. Download 1.9.46 or 1.10.9 from the official repository, matching the branch you run.
3. Replace the vulnerable files with those from the patched release.
4. Confirm the version now reads 1.9.46 or 1.10.9 and that the deployed image_resized.php matches the released file.

🔧 Temporary Workarounds

Disable image_resized.php (linux)

Temporarily make the vulnerable component unreachable by renaming it. Locate the file instead of assuming its directory, and expect on-the-fly image resizing on the site to stop working while it is disabled:

f=$(find /path/to/phpwcms -name image_resized.php) && mv "$f" "$f.disabled"

Input validation filter (all platforms)

Add validation in the frontend code so that the image-file parameter is rejected unless it is a plain relative path with an allowed image extension (for example jpg, jpeg, png, gif) and contains no directory traversal or serialized-data markers. This means editing core files and must be redone on every upgrade; prefer the patch.

🧯 If You Can't Patch

  • Deploy WAF rules that block requests to image_resized.php whose parameters contain PHP serialized-object markers (O:<n>:" and C:<n>:"), including URL-encoded and base64-encoded forms
  • Restrict network access to phpwcms instances (for example, allow only the reverse proxy or a VPN range) and segment them from internal systems

🔍 How to Verify

Check if Vulnerable:

Confirm image_resized.php is present in your installation and that the phpwcms version is 1.9.45 or lower (1.9.x branch) or 1.10.8 or lower (1.10.x branch). Compare within the branch: 1.10.0 through 1.10.8 are vulnerable even though they sort above 1.9.46.

Check Version:

grep -r 'PHPWCMS_VERSION' /path/to/phpwcms/ | head -1

Verify Fix Applied:

Confirm the version reads 1.9.46 or higher on the 1.9.x branch, or 1.10.9 or higher on the 1.10.x branch, and that the deployed image_resized.php is identical to the file in the patched release (compare checksums against a fresh download).
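Because the fix landed in two branches, a single-threshold check ("is the version at least 1.9.46?") misclassifies 1.10.0 through 1.10.8 as patched. The following Python is an added example, not code from phpwcms or from this advisory, that applies the branch-aware rule and pulls the version literal out of a line like the grep above returns. The define('PHPWCMS_VERSION', '...') shape, the sample grep line and the treatment of branches the advisory does not name are assumptions, marked as such in the comments.

```python
import re
from typing import Optional, Tuple

# Fixed versions per release branch, taken from the advisory above:
# 1.9.x is fixed in 1.9.46 and 1.10.x is fixed in 1.10.9.
FIXED_IN = {
    (1, 9): (1, 9, 46),
    (1, 10): (1, 10, 9),
}


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a 'major.minor.patch' string; trailing suffixes such as '-dev' are ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """Branch-aware check: a release is vulnerable if it is below the fix for its own branch."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised phpwcms version string: {version!r}")
    fixed = FIXED_IN.get(v[:2])
    if fixed is not None:
        return v < fixed
    # Assumption for branches the advisory does not name: anything older than 1.9
    # never received a fix; anything newer than 1.10 is assumed to include it.
    return v[:2] < (1, 9)


def naive_is_vulnerable(version: str) -> bool:
    """The tempting single-threshold check. Wrong: it treats 1.10.0..1.10.8 as patched."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised phpwcms version string: {version!r}")
    return v < (1, 9, 46)


def version_from_define(php_source: str) -> Optional[str]:
    """Pull the version literal out of a define('PHPWCMS_VERSION', '...') line.
    The define() shape is an assumption about how the constant is declared."""
    m = re.search(r"""PHPWCMS_VERSION['"]\s*,\s*['"]([^'"]+)['"]""", php_source)
    return m.group(1) if m else None


# Constructed sample of what `grep -rn PHPWCMS_VERSION` might print; not real phpwcms output.
SAMPLE_GREP_LINE = "some/file.php:12:define('PHPWCMS_VERSION', '1.10.8');"

if __name__ == "__main__":
    found = version_from_define(SAMPLE_GREP_LINE)
    print(f"detected version {found}: vulnerable={is_vulnerable(found)}")
    for ver in ("1.9.45", "1.9.46", "1.10.0", "1.10.8", "1.10.9"):
        print(f"{ver:>8}  branch-aware={is_vulnerable(ver)!s:5}  naive={naive_is_vulnerable(ver)}")
```

Feed `version_from_define` the first line of the grep output and act on `is_vulnerable`; the `naive_is_vulnerable` function is kept only to show the misclassification of the 1.10.x branch.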

📡 Detection & Monitoring

Log Indicators:

  • Requests (GET or POST) to image_resized.php whose parameters contain PHP serialized-object markers such as O:<n>:", in plain, URL-encoded or base64-encoded form
  • unserialize() notices or warnings in the PHP error log (for example "unserialize(): Error at offset"), which indicate malformed serialized input reaching the sink
  • Unexpected file writes under the web root or child processes spawned by the PHP worker

Network Indicators:

  • HTTP requests to image_resized.php with base64-encoded or serialized payloads
  • Outbound connections from phpwcms server to unknown IPs

SIEM Query:

source="web_logs" AND uri="*image_resized.php*" AND (payload="*O:*" OR payload="*O%3A*" OR payload="*C:*" OR payload="*C%3A*")

Match only the object markers O: and C:. Adding the a: and s: markers found in generic serialization signatures produces far too many false positives on ordinary traffic, and base64-wrapped payloads must be decoded before any of these patterns can match.
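The SIEM query above is a first filter. The Python below is an added example, not part of this advisory or of phpwcms, that applies the same detection offline to access-log lines: it restricts to requests for image_resized.php, decodes every query parameter (including double-URL-encoded and base64-encoded values) and flags PHP serialized-object markers of the form O:<len>:"Class":<n>:{ and C:<len>:"Class":<n>:{, while ignoring bare a:/s: markers that legitimate traffic produces constantly. The log lines are constructed for the example, and the parameter name `file` in them is a placeholder; the scanner inspects every parameter, so the real parameter name does not matter to it.

```python
import base64
import binascii
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import parse_qsl, quote, unquote_plus, urlsplit

# Combined/common access-log format: client identity user [timestamp] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+'
)

# PHP serialized *object* markers: O:<len>:"Class":<props>:{ and the C:<len>:"Class":<len>:{ form.
# Bare a:/s: markers are left out on purpose: they match far too much legitimate traffic.
SERIALIZED_OBJECT = re.compile(r'\b[OC]:\d+:"[^"]{1,200}":\d+:\{')


def candidate_texts(value: str) -> List[str]:
    """Forms of a parameter value worth inspecting: as decoded by the query parser, URL-decoded
    once more (double encoding) and base64-decoded when the text looks like base64."""
    forms = [value]
    if "%" in value:
        forms.append(unquote_plus(value))
    for text in list(forms):
        candidate = text.strip()
        if len(candidate) >= 8 and re.fullmatch(r"[A-Za-z0-9+/=_-]+", candidate):
            std = candidate.replace("-", "+").replace("_", "/")  # accept URL-safe alphabet too
            std += "=" * (-len(std) % 4)                           # restore stripped padding
            try:
                forms.append(base64.b64decode(std, validate=True).decode("latin-1"))
            except (binascii.Error, ValueError):
                pass  # looked like base64 but was not
    return forms


def inspect_log_line(line: str) -> Optional[Dict[str, str]]:
    """Return a hit record for a request to image_resized.php carrying a serialized object, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/image_resized.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        for text in candidate_texts(value):
            hit = SERIALIZED_OBJECT.search(text)
            if hit:
                return {
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "method": m.group("method"),
                    "param": name,
                    "marker": hit.group(0),
                }
    return None


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run inspect_log_line over a log and keep the hits, in log order."""
    return [hit for hit in (inspect_log_line(ln) for ln in lines) if hit is not None]


# Constructed sample log lines (not real traffic); the parameter name `file` is a placeholder.
SAMPLE_PAYLOAD = 'O:8:"stdClass":1:{s:3:"foo";s:3:"bar";}'
SAMPLE_LOG_LINES = [
    # benign resize request
    '203.0.113.5 - - [01/Jun/2025:10:00:00 +0000] "GET /image_resized.php?file=gallery/photo.jpg&w=300 HTTP/1.1" 200 4096',
    # serialized object, URL-encoded as a browser or tool would send it
    '203.0.113.5 - - [01/Jun/2025:10:00:02 +0000] "GET /image_resized.php?file='
    + quote(SAMPLE_PAYLOAD, safe="") + ' HTTP/1.1" 500 0',
    # same object, base64-encoded and then URL-encoded, against a sub-directory install
    '198.51.100.7 - - [01/Jun/2025:10:01:10 +0000] "POST /cms/image_resized.php?file='
    + quote(base64.b64encode(SAMPLE_PAYLOAD.encode()).decode(), safe="") + ' HTTP/1.1" 200 0',
    # serialized marker aimed at a different script: out of scope for this rule
    '198.51.100.7 - - [01/Jun/2025:10:01:30 +0000] "GET /index.php?id=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG_LINES):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} param={hit['param']} marker={hit['marker']}")
```

Only the request line is visible in a standard access log, so POST bodies need request-body logging (or a WAF/reverse-proxy log) before this check can see them; the scanner handles POST requests whose payload travels in the query string.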
