PHP CVE-2025-22213

Unrestricted Upload of File with Dangerous Type (CWE-434)
2025-03-11

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 19:52 (vuln.today)
CVE Published: Mar 11, 2025 - 17:16 (nvd)

Description (NVD)

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.

Technical Context (AI)

Classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).

Affected Products (AI)

Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other

Remediation (AI)

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside the web root.
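The description places the flaw in the rename path rather than the initial upload, so an extension check has to run there as well. The following is an added example, not the vendor's patch or code from the affected product: the function name, the two policy lists and the rule that an edit may never change a file's extension are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical policy lists; a real deployment would load them from configuration.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf', 'txt'];
const EXECUTABLE_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar', 'cgi', 'pl', 'py', 'sh'];

/**
 * Hypothetical rename check: returns null when the rename is acceptable,
 * otherwise a string giving the reason it is refused.
 */
function checkMediaRename(string $oldName, string $newName): ?string
{
    // A rename stays in the same directory: no separators, no NUL bytes.
    // Trailing dots and spaces are refused because some file systems drop them.
    if (preg_match('/[\/\\\\\x00]/', $newName) === 1 || $newName !== rtrim($newName, '. ')) {
        return 'new name must be a plain file name';
    }
    $segments = explode('.', strtolower($newName));
    $base = array_shift($segments);
    if ($base === '' || $segments === []) {
        return 'new name needs a base name and an extension';
    }
    // Inspect every dot-separated segment, so "logo.php.png" is refused too:
    // some server configurations execute a file on any matching segment.
    foreach ($segments as $segment) {
        if (in_array($segment, EXECUTABLE_SEGMENTS, true)) {
            return "executable extension segment: {$segment}";
        }
    }
    $newExt = end($segments);
    if (!in_array($newExt, ALLOWED_EXTENSIONS, true)) {
        return "extension not on the allowlist: {$newExt}";
    }
    // Assumed policy: an edit changes the base name only, never the file type.
    $oldExt = strtolower(pathinfo($oldName, PATHINFO_EXTENSION));
    if ($newExt !== $oldExt) {
        return "extension change refused: {$oldExt} -> {$newExt}";
    }
    return null;
}

// Constructed sample renames, not taken from any real incident.
$samples = [['logo.png', 'banner.png'], ['logo.png', 'logo.php'], ['logo.png', 'logo.php.png'],
            ['logo.png', 'logo.png.'], ['logo.png', '../logo.png'], ['notes.txt', 'notes.pdf']];
foreach ($samples as [$old, $new]) {
    printf("%-10s -> %-14s %s\n", $old, $new, checkMediaRename($old, $new) ?? 'allowed');
}
```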
