Login Sign Up

CVE-2025-67172

7.2 HIGH
Remote Code Execution

📋 TL;DR

RiteCMS v3.1.0 contains an authenticated remote code execution vulnerability in the parse_special_tags() function that allows authenticated users to execute arbitrary code on the server. This affects all installations running the vulnerable version. Attackers with valid credentials can compromise the entire web application.

💻 Affected Systems

Products:
  • RiteCMS
Versions: v3.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access. All installations with default configuration are vulnerable.

📦 What is this software?

Ritecms by Ritecms

View all CVEs affecting Ritecms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, malware deployment, lateral movement to other systems, and persistent backdoor installation.

🟠

Likely Case

Webshell deployment, data exfiltration, privilege escalation, and defacement of the website.

🟢

If Mitigated

Limited impact with proper network segmentation, minimal user privileges, and active monitoring detecting exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access but is straightforward to execute once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Disable parse_special_tags function

all

Modify the functions.inc.php file to disable or secure the vulnerable parse_special_tags() function

Edit cms/includes/functions.inc.php and comment out or remove lines 297-504 containing parse_special_tags() function

Restrict user privileges

all

Limit authenticated users to minimal necessary permissions and implement strong access controls

Review and modify user roles in RiteCMS admin panel to remove unnecessary privileges

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block suspicious input patterns
  • Isolate the RiteCMS instance in a DMZ with strict outbound network controls

🔍 How to Verify

Check if Vulnerable:

Check if running RiteCMS v3.1.0 by examining version files or admin panel. Review functions.inc.php for parse_special_tags() function.

Check Version:

Check cms/version.txt or admin panel for version information

Verify Fix Applied:

Test if parse_special_tags() function is disabled or modified. Attempt to trigger the vulnerability with safe test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to admin functions
  • System command execution in web logs
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • Unusual outbound connections from web server
  • Command and control traffic patterns

SIEM Query:

source="web_logs" AND (url="*parse_special_tags*" OR message="*system(*" OR message="*exec(*")

📊 Metadata

CVE ID: CVE-2025-67172
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78
EPSS Score: 0.53% exploit probability (66.7th percentile)
Published: December 17, 2025
Last Updated: December 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-67172, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)