Critical RCE Vulnerability in JuzaWeb CMS Exposes Users to Exploitation
Severity: High (Score: 72.0)
Sources: github.com, Rescana, nvd.nist.gov
Summary
A critical vulnerability (CVE-2025-5425) has been identified in JuzaWeb CMS version 3.4.2, allowing authenticated remote code execution through broken access controls on the Theme Editor page. This flaw permits any authenticated user, regardless of privilege level, to access sensitive administrative functions and inject malicious PHP code. The vulnerability is actively exploited in the wild, with public proof-of-concept exploits available. Organizations using JuzaWeb CMS 3.4.2 or earlier are at immediate risk and should take urgent action to mitigate this threat.

The vulnerability is classified as moderate on the CVSS v4.0 scale, with a base score of 5.3, impacting confidentiality, integrity, and availability. Indicators of compromise include unauthorized access to the Theme Editor and modifications to theme files. The vendor has not responded to disclosures regarding this vulnerability.

Key Points:
- CVE-2025-5425 allows authenticated remote code execution in JuzaWeb CMS 3.4.2.
- Attackers can exploit broken access controls to modify theme files and execute arbitrary code.
- Public proof-of-concept exploits are available, indicating active exploitation in the wild.
Key Entities
- Malware (attack_type)
- CVE-2025-5425 (cve)
- rescana.com (domain)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1190 - Exploit Public-Facing Application (mitre_attack)