CVE-2025-67164

9.9 CRITICAL

📋 TL;DR

An authenticated arbitrary file upload vulnerability in Pagekit CMS v1.0.18 allows attackers to upload malicious PHP files and execute arbitrary code on the server. This affects all Pagekit CMS installations running version 1.0.18 with the vulnerable /storage/poc.php component accessible. Attackers need authenticated access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Pagekit CMS
Versions: v1.0.18
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the CMS. The vulnerability is in the /storage/poc.php component which appears to be part of the storage management functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.

🟠 Likely Case

Webshell installation allowing persistent backdoor access, data exfiltration, and further exploitation of the server environment.

🟢 If Mitigated

Limited impact if proper file upload validation and web application firewalls are in place, though authenticated attackers could still attempt exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for official patch from Pagekit CMS developers
2. If patch is released, download and apply according to vendor instructions
3. Verify the /storage/poc.php component no longer accepts arbitrary file uploads

🔧 Temporary Workarounds

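Remove vulnerable component

Platform: linux

Delete or rename the vulnerable poc.php file to prevent exploitation. The two commands are alternatives; run one of them.

# Option 1: delete the file
rm /path/to/pagekit/storage/poc.php
# Option 2: rename the file
mv /path/to/pagekit/storage/poc.php /path/to/pagekit/storage/poc.php.disabled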

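Restrict file upload permissions

Platform: all

Configure the web server to deny execution of PHP files in upload directories.

Add to the .htaccess file in the upload directory:

<Files *.php>
    deny from all
</Files>

The deny from all directive is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat, use Require all denied inside the same block.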

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for authenticated users
  • Deploy web application firewall with file upload filtering rules

🔍 How to Verify

Check if Vulnerable:

Check if Pagekit version is 1.0.18 and if /storage/poc.php endpoint exists and accepts file uploads

Check Version:

Check Pagekit version in composer.json or admin panel

Verify Fix Applied:

Attempt to upload a PHP file to /storage/poc.php; the upload should be rejected by proper file validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /storage/poc.php
  • PHP file creation in upload directories
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • POST requests to /storage/poc.php with file uploads
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND (uri="/storage/poc.php" OR file_extension="php") AND http_method="POST"
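One way to run the log indicators and the SIEM query above over a web server access log, as an added example (not code from this advisory or from Pagekit). It assumes the Apache/Nginx combined log format and that the upload directory is served under /storage/, and it narrows the query's extension match to that directory so ordinary POSTs to index.php are not flagged; the sample lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Apache/Nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
VULN_PATH = "/storage/poc.php"  # component named in the advisory
STORAGE_PREFIX = "/storage/"    # assumed web path of the upload directory


def normalise(target):
    """Strip the query string, decode %xx, collapse //, /./ and /../, fold case."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path)).lower()


def classify(line):
    """Return (rule, ip, method, path, status) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, status = normalise(m["target"]), int(m["status"])
    if m["method"] == "POST" and path == VULN_PATH:
        rule = "post-to-vulnerable-component"
    elif path.startswith(STORAGE_PREFIX) and path.endswith(".php"):
        # PHP answered from the upload directory: served (<400) or only probed.
        rule = "php-served-from-storage" if status < 400 else "php-probe-in-storage"
    else:
        return None
    return (rule, m["ip"], m["method"], path, status)


def scan(lines):
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample lines (documentation IP ranges, not from a real incident).
SAMPLE = [
    '203.0.113.10 - - [12/Jan/2026:10:01:02 +0000] "POST /index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [12/Jan/2026:10:01:09 +0000] "GET /storage/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2026:10:05:00 +0000] "POST /storage/poc.php HTTP/1.1" 200 312 "-" "curl/8.5.0"',
    '198.51.100.7 - - [12/Jan/2026:10:05:41 +0000] "GET /Storage//report%2Ephp?v=1 HTTP/1.1" 200 48 "-" "curl/8.5.0"',
    '192.0.2.44 - - [12/Jan/2026:11:20:13 +0000] "GET /storage/poc.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

Access logs do not record the request body, so a hit on the first rule shows that a POST reached the component, not that a file was written; confirm against new .php files on disk in the storage directory.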
