CVE-2025-7101

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in BoyunCMS allows remote attackers to execute arbitrary code by manipulating the db_pass parameter during installation. It affects all BoyunCMS installations up to version 1.4.20 that have the vulnerable /install/install_ok.php file accessible. Attackers can exploit this without authentication to gain control of affected systems.

💻 Affected Systems

Products:
  • BoyunCMS
Versions: up to and including 1.4.20
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the installation component which should be removed after installation but often remains accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, ransomware deployment, or creation of persistent backdoors.

🟠 Likely Case

Web server compromise allowing website defacement, data exfiltration, or use as an attack platform.

🟢 If Mitigated

Limited impact if the file is properly removed after installation or access to it is restricted.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but attack surface reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available, making this easily weaponizable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check vendor for updates

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check the BoyunCMS vendor website for security updates.
2. If a patch is available, apply it immediately.
3. Remove the /install/ directory if it is not needed.

🔧 Temporary Workarounds

Remove installation directory

linux

Delete the vulnerable /install/ directory after installation, or, if it must be kept, restrict access to it (the two commands below are alternatives, not a sequence)

# Option 1: remove the installer entirely
rm -rf /path/to/boyuncms/install/
# Option 2: keep it on disk but make it unreadable to the web server user
chmod 000 /path/to/boyuncms/install/

Web server access restriction

all

Block access to install_ok.php via web server configuration (Apache example; the `Deny from all` form is the Apache 2.2 syntax, Apache 2.4 uses `Require all denied`)

<Location "/install/install_ok.php">
    # Apache 2.2 (or 2.4 with mod_access_compat):
    Deny from all
    # Apache 2.4 native syntax:
    # Require all denied
</Location>

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BoyunCMS instances
  • Deploy web application firewall (WAF) with rules to block code injection patterns

🔍 How to Verify

Check if Vulnerable:

Check if /install/install_ok.php exists and BoyunCMS version is ≤1.4.20

Check Version:

Check BoyunCMS configuration files or admin panel for version information

Verify Fix Applied:

Verify /install/ directory is removed or inaccessible, and version is >1.4.20

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /install/install_ok.php
  • PHP error logs showing code execution attempts
  • Web server logs with suspicious db_pass parameter values

Network Indicators:

  • HTTP requests to install_ok.php with encoded payloads in parameters
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_server" AND (uri="/install/install_ok.php" OR uri LIKE "%/install_ok.php%") AND method="POST"
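As an added example (not code from the page or the BoyunCMS project), the following Python scanner applies the log indicators above to constructed Apache combined-format log lines: it flags any request reaching install_ok.php (the installer should not be reachable after deployment, so it broadens the SIEM query from POST-only to all methods), notes POSTs whose body is not in the access log, and flags db_pass values carrying quoting or PHP metacharacters. The log format, sample lines and the metacharacter heuristic are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format log lines for demonstration (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2025:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jul/2025:12:00:07 +0000] "POST /install/install_ok.php HTTP/1.1" 200 312 "-" "curl/8.0"
198.51.100.4 - - [10/Jul/2025:12:00:09 +0000] "GET /install/install_ok.php?db_user=root&db_pass=x%22%3B%24y HTTP/1.1" 200 300 "-" "python-requests/2.31"
198.51.100.7 - - [10/Jul/2025:12:00:12 +0000] "GET /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Minimal combined-log pattern: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed heuristic: characters a database password rarely needs but which
# become meaningful if the value is written unescaped into a PHP config file.
META_CHARS = set('\'";$<>()')


def scan_log(text):
    """Return one finding per request that touched the installer endpoint."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m['target'])
        if not url.path.endswith('/install_ok.php'):
            continue
        reasons = ['installer endpoint reachable after deployment']
        if m['method'] == 'POST':
            reasons.append('POST to install_ok.php (body not logged; check WAF/PHP logs)')
        # parse_qs already percent-decodes values, so x%22%3B%24y becomes x";$y
        for value in parse_qs(url.query).get('db_pass', []):
            if META_CHARS & set(value):
                reasons.append('db_pass contains quoting/PHP metacharacters')
        findings.append({'ip': m['ip'], 'ts': m['ts'], 'method': m['method'],
                         'status': int(m['status']), 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} -> {'; '.join(f['reasons'])}")
```

Any finding at all is actionable: a deployed BoyunCMS instance should return 403 or 404 for install_ok.php once the workarounds above are in place.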

🔗 References