CVE-2025-34097: CWE-434 Unrestricted Upload of File with Dangerous Type in ProcessMaker Inc. ProcessMaker
An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a malicious .tar plugin file containing arbitrary PHP code. Upon installation, the plugin’s install() method is invoked, resulting in execution of attacker-supplied PHP code on the server with the privileges of the web server user. This vulnerability can be chained with CVE-2022-38577 — a privilege escalation flaw in the user profile page — to achieve full remote code execution from a low-privileged account.
AI Analysis
Technical Summary
CVE-2025-34097 is a high-severity vulnerability in ProcessMaker prior to version 3.5.4 involving improper validation of uploaded plugin archives. An attacker with administrative access can upload a crafted .tar plugin file containing malicious PHP code. Upon installation, the plugin's install() method executes this code with web server privileges, enabling remote code execution. This vulnerability can be chained with CVE-2022-38577, a privilege escalation issue, to allow attackers starting from low-privileged accounts to fully compromise the system.
Potential Impact
Successful exploitation results in execution of arbitrary PHP code on the server with web server user privileges, potentially leading to full system compromise when combined with a known privilege escalation vulnerability. This can allow attackers to control the affected ProcessMaker instance and access sensitive data or disrupt operations.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrative access to trusted users only and monitor for suspicious plugin uploads. Avoid installing untrusted plugins. Follow vendor communications closely for updates and apply patches promptly once released.
CVE-2025-34097: CWE-434 Unrestricted Upload of File with Dangerous Type in ProcessMaker Inc. ProcessMaker
Description
An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a malicious .tar plugin file containing arbitrary PHP code. Upon installation, the plugin’s install() method is invoked, resulting in execution of attacker-supplied PHP code on the server with the privileges of the web server user. This vulnerability can be chained with CVE-2022-38577 — a privilege escalation flaw in the user profile page — to achieve full remote code execution from a low-privileged account.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-34097 is a high-severity vulnerability in ProcessMaker prior to version 3.5.4 involving improper validation of uploaded plugin archives. An attacker with administrative access can upload a crafted .tar plugin file containing malicious PHP code. Upon installation, the plugin's install() method executes this code with web server privileges, enabling remote code execution. This vulnerability can be chained with CVE-2022-38577, a privilege escalation issue, to allow attackers starting from low-privileged accounts to fully compromise the system.
Potential Impact
Successful exploitation results in execution of arbitrary PHP code on the server with web server user privileges, potentially leading to full system compromise when combined with a known privilege escalation vulnerability. This can allow attackers to control the affected ProcessMaker instance and access sensitive data or disrupt operations.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrative access to trusted users only and monitor for suspicious plugin uploads. Avoid installing untrusted plugins. Follow vendor communications closely for updates and apply patches promptly once released.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2025-04-15T19:15:22.555Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 687014fca83201eaaca979ce
Added to database: 7/10/2025, 7:31:08 PM
Last enriched: 4/7/2026, 11:00:42 PM
Last updated: 5/10/2026, 10:23:42 AM
Views: 88
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.