CVE-2025-61168: n/a
An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.
AI Analysis
Technical Summary
CVE-2025-61168 is a remote code execution vulnerability found in the cms_rest.php component of SIGB PMB version 8.0.1.14. The vulnerability arises from unsafe handling of serialized data, where the application unserializes arbitrary files without proper validation or sanitization. Attackers can exploit this flaw by supplying crafted serialized input, leading to arbitrary code execution on the server hosting the application. This type of vulnerability is particularly dangerous because it can allow attackers to execute commands with the privileges of the web server process, potentially leading to full system compromise. The vulnerability does not require authentication or user interaction, increasing its risk profile. Currently, there are no known public exploits or patches available, and no CVSS score has been assigned. However, the nature of the vulnerability and the affected component suggest a high likelihood of exploitation once weaponized. SIGB PMB is an open-source integrated library system widely used in European academic and public libraries, making this vulnerability a significant concern for institutions relying on this software for managing digital and physical collections. The lack of patch availability necessitates immediate risk mitigation through access controls and monitoring until an official fix is released.
Potential Impact
For European organizations, especially academic institutions, public libraries, and cultural heritage organizations using SIGB PMB, this vulnerability could lead to severe consequences. Successful exploitation would allow attackers to execute arbitrary code, potentially leading to data breaches, unauthorized data manipulation, service disruption, or complete system takeover. This could compromise sensitive patron data, disrupt library services, and damage institutional reputation. The impact extends beyond confidentiality to integrity and availability, as attackers could alter or delete records or render the system inoperable. Given the critical role of library systems in educational and research environments, such disruptions could have cascading effects on academic activities and public access to information. Furthermore, the vulnerability could be leveraged as a foothold for lateral movement within organizational networks, increasing the risk of broader compromise.
Mitigation Recommendations
1. Immediately restrict network access to the cms_rest.php component by implementing firewall rules or network segmentation to limit exposure to trusted users only.
2. Monitor application logs and file integrity for unusual unserialization activity or unexpected file changes.
3. Disable or restrict the use of PHP unserialize functions if possible, or implement custom input validation to ensure only trusted data is processed.
4. Maintain up-to-date backups of the SIGB PMB system and data to enable rapid recovery in case of compromise.
5. Engage with the SIGB PMB development community or vendor to obtain patches or updates addressing this vulnerability as soon as they become available.
6. Conduct regular security assessments and penetration tests focusing on web application components to detect similar vulnerabilities.
7. Educate system administrators and developers about the risks of unsafe unserialization and secure coding practices to prevent future issues.
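The technical summary above attributes the flaw to data being passed to PHP's unserialize() without validation, and recommendation 3 asks for the function to be restricted or fronted by input validation. The following is an added example written for this page; it is not SIGB PMB code and does not reproduce anything from cms_rest.php. The function names (safe_unserialize, decode_untrusted_json) and the sample inputs are constructed for illustration. It shows the two defensive controls a practitioner would normally apply: a deny-first pre-check that refuses any payload containing object tokens, and unserialize() called with allowed_classes disabled so that an object that slips through is materialised as __PHP_Incomplete_Class instead of a live instance whose __wakeup or __destruct could run. Rejections are written to the PHP error log, which is the kind of signal recommendation 2 asks operators to monitor.

```php
<?php
// Added example, not SIGB PMB project code. Names below are hypothetical.
declare(strict_types=1);

/**
 * Unserialize untrusted data while refusing anything that would instantiate
 * an object. Flat configuration or cache data only needs scalars and arrays,
 * so object ("O:") and custom-serialized ("C:") tokens are rejected outright.
 * allowed_classes => false is the real safety net: even if the token check
 * were bypassed, PHP would produce __PHP_Incomplete_Class, not a gadget.
 * max_depth (PHP 7.4+) bounds nesting so deeply nested input cannot exhaust
 * the stack.
 */
function safe_unserialize(string $data, int $maxLength = 65536)
{
    if (strlen($data) > $maxLength) {
        throw new InvalidArgumentException('serialized payload too large');
    }
    // A token at the start of the payload or directly after ';' or '{' is a
    // structural position where unserialize() would build an object. False
    // positives on string contents are acceptable for a deny-first check.
    if (preg_match('/(?:^|[;{])[OC]:\d+:"/', $data) === 1) {
        throw new InvalidArgumentException('serialized objects are not accepted');
    }
    $value = unserialize($data, ['allowed_classes' => false, 'max_depth' => 16]);
    // unserialize() returns false both for the literal "b:0;" and on error.
    if ($value === false && $data !== 'b:0;') {
        throw new InvalidArgumentException('malformed serialized data');
    }
    return $value;
}

/**
 * Preferred alternative where the data format can be changed: JSON decoded
 * into associative arrays cannot express PHP objects at all.
 */
function decode_untrusted_json(string $data): array
{
    $value = json_decode($data, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($value)) {
        throw new InvalidArgumentException('expected a JSON object or array');
    }
    return $value;
}

// Constructed sample inputs (not real traffic): a benign serialized array and
// a payload carrying an object marker. stdClass is used because it is harmless;
// the point is that the marker itself is refused before PHP sees it.
$samples = [
    'a:2:{s:2:"id";i:42;s:4:"name";s:5:"hello";}',
    'O:8:"stdClass":0:{}',
    'a:1:{i:0;O:8:"stdClass":0:{}}',
];

foreach ($samples as $sample) {
    try {
        $decoded = safe_unserialize($sample);
        echo 'accepted: ' . json_encode($decoded) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // Surface rejections to the error log so that monitoring (recommendation 2)
        // can alert on repeated attempts against the endpoint.
        error_log(sprintf('unserialize rejected: %s (len=%d)', $e->getMessage(), strlen($sample)));
        echo 'rejected: ' . $e->getMessage() . PHP_EOL;
    }
}
```

Run with `php safe_unserialize_example.php`: the first sample is accepted and echoed as JSON, the two object-bearing samples are rejected and logged. If the application genuinely needs to restore objects of a known type, pass an explicit allow-list (`['allowed_classes' => ['YourDto']]`) rather than `true`, and keep the pre-check; allowing arbitrary classes is what turns a deserialization bug into code execution.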
Affected Countries
France, Germany, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6925faccea01c5f8b8382a7f
Added to database: 11/25/2025, 6:51:56 PM
Last enriched: 11/25/2025, 7:07:05 PM
Last updated: 11/25/2025, 8:01:31 PM