Security News > 2025 > March > Critical PHP RCE vulnerability mass exploited in new attacks

Critical PHP RCE vulnerability mass exploited in new attacks

2025-03-11 14:26

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]

News URL

https://www.bleepingcomputer.com/news/security/critical-php-rce-vulnerability-mass-exploited-in-new-attacks/

#attack #critical #PHP #RCE #vulnerability

Related news

CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
Critical auth bypass bug in CrushFTP now exploited in attacks (source)
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
PHP		9	2	44	116	124	286

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.