CVE-2025-67886: n/a
CVE-2025-67886 describes a potential remote code execution vulnerability in Bitrix24 through version 25.100.300. The issue arises because users with SOURCE/WRITE permissions on the Translate Module can upload and execute PHP code by submitting a PHP file alongside a .htaccess file. However, the supplier disputes this classification as a vulnerability, stating that this capability is intended behavior for high-privileged users who manage translated pages on the website.
AI Analysis
Technical Summary
This vulnerability involves Bitrix24 versions up to 25.100.300 where an actor with SOURCE/WRITE permissions on the Translate Module can upload and execute arbitrary PHP code by submitting a PHP file and a .htaccess file. The supplier considers this functionality intentional for users with elevated privileges responsible for uploading translated content, thus disputing its classification as a vulnerability. No CVSS score or patch information is available, and no known exploits have been reported in the wild.
Potential Impact
If an unauthorized or malicious actor gains SOURCE/WRITE permissions on the Translate Module, they could execute arbitrary PHP code on the server, potentially leading to full system compromise. However, since this capability is limited to users with high privileges, the impact is constrained to the risk of privilege misuse rather than an unprivileged remote code execution vulnerability.
Mitigation Recommendations
No official patch or remediation guidance is available. Since the supplier states this behavior is intended for high-privileged users, mitigation should focus on strict access control and ensuring that only trusted users have SOURCE/WRITE permissions on the Translate Module. Regularly review and audit user permissions to prevent privilege abuse.
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-12T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69fd8104cbff5d86109f55aa
Added to database: 5/8/2026, 6:21:56 AM
Last enriched: 5/8/2026, 6:37:21 AM
Last updated: 5/8/2026, 1:51:59 PM