Security News > 2025 > March > Critical PHP RCE vulnerability mass exploited in new attacks

Critical PHP RCE vulnerability mass exploited in new attacks

2025-03-11 14:26

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]

News URL

https://www.bleepingcomputer.com/news/security/critical-php-rce-vulnerability-mass-exploited-in-new-attacks/

#attack #critical #PHP #RCE #vulnerability

Related news

Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
PHP		9	2	44	116	124	286

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.