What is the CVSS score of CVE-2025-69565?

CVE-2025-69565 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of PHP are affected by CVE-2025-69565?

A critical vulnerability in Mobile Shop Management System (versions ≤1.0) allows attackers to upload malicious files without restriction, potentially leading to complete system compromise.

Is there a public PoC exploit available for CVE-2025-69565?

Yes, a public proof-of-concept exploit is available for CVE-2025-69565. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-69565?

Within 24 hours: Audit all instances of Mobile Shop Management System in production and document affected versions; isolate systems from internet-facing access if possible. Within 7 days: Implement network segmentation to restrict upload functionality, deploy WAF rules to block file uploads, and disable the upload feature if operationally feasible. Within 30 days: Migrate to an alternative vendor solution or await patch availability; conduct forensic analysis for signs of exploitation.