CVE-2025-67164: n/a
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
AI Analysis
Technical Summary
CVE-2025-67164 is a vulnerability identified in Pagekit CMS version 1.0.18, affecting the /storage/poc.php component. It allows an authenticated attacker to upload arbitrary files, including malicious PHP scripts, to the server, and that arbitrary file upload can be turned into remote code execution, effectively handing the attacker control of the affected web server. Exploitation requires valid authentication credentials, which may be obtained through credential theft, phishing, or weak password policies. Once authenticated, the attacker uploads a crafted PHP file through the vulnerable endpoint, whose input validation and file-type restrictions are insufficient to stop it. The resulting code execution lets the attacker manipulate data, deploy backdoors, or pivot within the network. No official patch or CVSS score has been published yet, and no exploitation in the wild has been reported, but the nature of the flaw suggests a high risk of exploitation once it is weaponized. With no CVSS score assigned, severity must be judged from impact and exploit complexity; remote code execution on a web server behind nothing more than a valid login warrants a high severity rating.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on Pagekit CMS 1.0.18 for their web presence. Successful exploitation can lead to full compromise of web servers, exposing sensitive customer data, intellectual property, and internal systems. It can also facilitate lateral movement within corporate networks, increasing the risk of ransomware or espionage attacks. Public sector entities, e-commerce platforms, and service providers using Pagekit CMS are particularly vulnerable to reputational damage and regulatory penalties under GDPR if data breaches occur. The requirement for authentication reduces the attack surface but does not eliminate risk, as credential compromise is common. The vulnerability could be leveraged in targeted attacks against European organizations with weak authentication controls or insufficient monitoring. Additionally, the ability to execute arbitrary code can disrupt availability by defacing websites or deploying denial-of-service payloads.
Mitigation Recommendations
- Immediately audit and restrict access to the Pagekit CMS administrative interfaces to trusted personnel only, and enforce strong multi-factor authentication to reduce the risk of credential compromise.
- Implement strict file upload validation: allow-list the permitted file types and scan uploaded files for malicious content.
- Monitor web server logs and application behaviour for unusual upload activity or execution of unexpected scripts.
- Apply network segmentation to isolate web servers from critical internal systems, limiting lateral movement in case of compromise.
- Since no official patch is currently available, consider temporarily disabling or restricting access to the /storage/poc.php endpoint if feasible.
- Check regularly for security advisories from the Pagekit CMS developers and apply patches promptly once released.
- Deploy web application firewalls (WAFs) with custom rules to detect and block attempts to upload or execute unauthorized files.
- Train users to recognise credential theft attempts and enforce robust password policies.
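The following PHP upload handler is an added example, not Pagekit's own code, showing the allow-listing and content checks recommended above together with the one control that matters most when validation fails: storing uploads where the web server will not execute PHP. The form field name `upload`, the storage path `/var/app/uploads`, the size limit and the list of permitted types are assumptions.

```php
<?php
// Added example, not Pagekit's own code: allow-list validation for a CMS upload
// handler. Assumes $storeDir lies outside the web root (or is served with PHP
// execution disabled) so a file that slips past validation still cannot run.
declare(strict_types=1);
const MAX_UPLOAD_BYTES = 5 * 1024 * 1024;     // assumed limit
const ALLOWED_TYPES = [ // extension => MIME type that the content must report
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

/** Validates one $_FILES entry and moves it to $storeDir under a random name. */
function storeUpload(array $file, string $storeDir): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload missing or failed');
    }
    if (($file['size'] ?? 0) > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('upload too large');
    }
    // Every dot-separated suffix must be allow-listed, so "shell.php.png" is rejected too.
    $parts = explode('.', strtolower(basename((string) ($file['name'] ?? ''))));
    array_shift($parts); // drop the base name
    if ($parts === [] || array_diff($parts, array_keys(ALLOWED_TYPES)) !== []) {
        throw new RuntimeException('file type not allowed');
    }
    $ext = end($parts);
    // Trust the file content, not the client-supplied type, and require agreement with the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    // Discard the client's name entirely: a random name defeats path tricks.
    $dest = rtrim($storeDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640); // never executable
    return $dest;
}

try {
    error_log('upload accepted: ' . storeUpload($_FILES['upload'] ?? [], '/var/app/uploads'));
} catch (RuntimeException $e) {
    error_log('upload rejected: ' . $e->getMessage()); // log line for the monitoring recommended above
    http_response_code(400);
}
```

Rejected uploads are logged with the reason, which gives the log monitoring recommended above a concrete signal to alert on.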
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6942e1e21c1ff091367feced
Added to database: 12/17/2025, 5:01:22 PM
Last enriched: 12/17/2025, 5:16:48 PM
Last updated: 12/18/2025, 6:42:20 AM