CVE-2025-7099

5.6 MEDIUM

📋 TL;DR

This vulnerability in BoyunCMS allows remote attackers to execute arbitrary code through deserialization of untrusted data in the installation handler. It affects BoyunCMS versions up to 1.21 running on PHP7. The attack targets the installation component, which is typically accessible during initial setup.

💻 Affected Systems

Products:
  • BoyunCMS
Versions: Up to version 1.21
Operating Systems: Any running PHP7
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using PHP7. The vulnerability exists in the installation component, which should be removed after setup.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and potential lateral movement within the network.

🟠 Likely Case

Unauthorized access to the database and web server, allowing data manipulation or extraction.

🟢 If Mitigated

Limited impact if installation files are removed after setup and proper input validation is implemented.

🌐 Internet-Facing: HIGH - The vulnerable component is typically accessible remotely during installation, and public exploits exist.
🏢 Internal Only: MEDIUM - If installation files remain accessible internally after setup, exploitation risk persists but requires internal access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The exploit has been publicly disclosed and targets the installation handler. Attack complexity is described as high, but an exploit is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: No

Instructions:

1. Check if BoyunCMS version is 1.21 or earlier.
2. Remove or restrict access to install/install2.php file.
3. Consider upgrading if newer version becomes available.
4. Review and sanitize all user inputs in the application.

🔧 Temporary Workarounds

Remove installation files

linux

Delete or restrict access to the vulnerable installation files after setup is complete

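# Option 1: delete the installer directory (run from the BoyunCMS web root)
rm -rf install/
# Option 2: keep the directory but strip all permissions from the installer script
chmod 000 install/install2.php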

Input validation hardening

all

Implement strict input validation for all user-controlled parameters

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block deserialization attempts
  • Restrict network access to the installation interface using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check if BoyunCMS version is ≤1.21 and if install/install2.php file exists and is accessible

Check Version:

Check BoyunCMS configuration files or admin panel for version information

Verify Fix Applied:

Verify install/install2.php is removed or inaccessible, and test with known exploit payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to install/install2.php
  • Deserialization errors in PHP logs
  • Unexpected database connection attempts

Network Indicators:

  • HTTP requests to install/install2.php with serialized data in parameters
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND uri="/install/install2.php" AND (method="POST" OR parameters CONTAINS "db_host")
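
The log indicators and SIEM query above, expressed as a small access-log filter. This is an added example, not code from BoyunCMS or the advisory; it assumes combined-format access logs, and the function name, sample lines and IP addresses are constructed for illustration. POST bodies are not written to access logs, so serialized data is only visible here when it appears in the query string.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request portion of a common/combined access-log line
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
# PHP serialize() markers: objects (O:<len>:"Class") and arrays (a:<n>:{)
SERIALIZED_RE = re.compile(r'(?:^|[=&;{])(?:O:\d+:"|a:\d+:\{)')
INSTALLER_RE = re.compile(r'/install/install2\.php$', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, harmless empty object)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "POST /install/install2.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /install/install2.php'
    '?db_host=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 298',
    '203.0.113.4 - - [01/Jan/2025:10:01:00 +0000] "GET /install/install2.php HTTP/1.1" 404 153',
]


def flag_installer_requests(lines):
    """Return (ip, method, status, reasons) for each suspicious installer hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        parts = urlsplit(m["uri"])
        if not INSTALLER_RE.search(unquote_plus(parts.path)):
            continue  # request is not for the installer script
        query = unquote_plus(parts.query)
        reasons = []
        if m["method"] == "POST":
            reasons.append("post")        # installer form submission
        if "db_host" in query:
            reasons.append("db_host")     # parameter named in the SIEM query
        if SERIALIZED_RE.search(query):
            reasons.append("serialized")  # PHP serialized data in a parameter
        if m["status"].startswith("2"):
            reasons.append("reachable")   # installer still answers with 2xx
        if reasons:
            hits.append((m["ip"], m["method"], int(m["status"]), reasons))
    return hits


if __name__ == "__main__":
    for hit in flag_installer_requests(SAMPLE_LOG):
        print(hit)
```

A "reachable" reason on any hit means install/install2.php still returns a 2xx response, so the removal step has not been applied on that host.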

🔗 References
