How to fix CVE-2025-6161?

Within 24 hours: Take the affected application offline or restrict access to trusted networks only; audit server logs for suspicious file uploads to /editproduct.php; inventory all instances running this version across your environment. Within 7 days: Implement strict input validation and file type restrictions at the application level; deploy WAF rules to block suspicious uploads to /editproduct.php; conduct forensic analysis of systems for indicators of compromise. Within 30 days: Migrate to an alternative, supported food ordering platform; if migration is unavoidable, implement compensating controls including network segmentation, file upload sandboxing, and continuous monitoring for exploitation attempts.

Is PHP affected by CVE-2025-6161?

A critical file upload vulnerability in Simple Food Ordering System 1.0 allows unauthenticated attackers to upload arbitrary files remotely, potentially leading to system compromise, data theft, and service disruption.

CVE-2025-6161

EUVD-2025-18477 HIGH

2025-06-17 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18477

PoC Detected

Oct 23, 2025 - 20:06 vuln.today

Public exploit code

CVE Published

Jun 17, 2025 - 05:15 nvd

HIGH 7.3

Description

A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

A remote code execution vulnerability (CVSS 7.3). Risk factors: public PoC available.

Technical Context

CWE-284 (Improper Access Control). CVSS 7.3 indicates high severity.

Affected Products

['Unspecified product']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +36

POC: +20

CVE-2025-6161 vulnerability details – vuln.today

Back

CVE-2025-6161

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-6161

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code