What is the CVSS score of CVE-2025-65656?

CVE-2025-65656 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of PHP are affected by CVE-2025-65656?

A critical remote file inclusion vulnerability in dcat-admin v2.2.3-beta and earlier allows unauthenticated attackers to execute arbitrary code with a 9.8 CVSS score.

Is there a public PoC exploit available for CVE-2025-65656?

Yes, a public proof-of-concept exploit is available for CVE-2025-65656. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-65656?

Within 24 hours: Inventory all systems running dcat-admin and isolate affected instances from production networks if possible; disable public-facing access to admin panels. Within 7 days: Implement WAF rules to block file inclusion patterns targeting VersionManager.php; apply input validation and access controls; conduct forensic analysis for signs of compromise. Within 30 days: Migrate to a patched version when available or replace dcat-admin with a supported alternative; review logs for unauthorized file access or code execution.