How to fix CVE-2025-7060?

Within 30 days: Identify affected systems running Monitorr and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is PHP affected by CVE-2025-7060?

Organizations using Monitorr should be aware of moderate risk from CVE-2025-7060, a input validation vulnerability rated CVSS 4.1. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.

PHP CVE-2025-7060

EUVD-2025-20012 MEDIUM

Improper Input Validation (CWE-20)

2025-07-04 [email protected]

PHP Information Disclosure Monitorr

4.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 02:42 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 02:42 euvd

EUVD-2025-20012

PoC Detected

Oct 01, 2025 - 13:31 vuln.today

Public exploit code

CVE Published

Jul 04, 2025 - 11:15 nvd

MEDIUM 4.1

DescriptionNVD

A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/_installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Technical ContextAI

This vulnerability is classified as Improper Input Validation (CWE-20).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2025-7060 vulnerability details – vuln.today

Back