What is the CVSS score of CVE-2025-70758?

CVE-2025-70758 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of PHP are affected by CVE-2025-70758?

A critical authentication bypass vulnerability in core-php-admin-panel allows unauthenticated users to access restricted administrative functionality by exploiting improper session termination logic.

How to fix or mitigate CVE-2025-70758?

Within 24 hours: Identify all systems running core-php-admin-panel and assess exposure; implement network access controls to restrict admin panel access to trusted IPs only. Within 7 days: Deploy compensating controls via WAF rules to block unauthenticated requests to admin endpoints; conduct security audit of admin access logs for potential exploitation. Within 30 days: Monitor vendor repositories for patch availability; plan migration to patched version or alternative solution; document all interim mitigations in change management.

PHP CVE-2025-70758

HIGH

Improper Check or Handling of Exceptional Conditions (CWE-703)

2026-02-03 cve@mitre.org

PHP Authentication Bypass

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 18:16 nvd

HIGH 7.5

DescriptionNVD

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call exit() afterward. This allows remote unauthenticated attackers to access protected pages.customer database.

AnalysisAI

Technical ContextAI

Affected ProductsAI

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-70758 vulnerability details – vuln.today

Back

PHP CVE-2025-70758

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code