A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-7101: Code Injection in BoyunCMS affecting null BoyunCMS. Get real-time updates, technical details, and mitigation strategie

CVE-2025-7101: Code Injection in BoyunCMS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7101: Code Injection in BoyunCMS

The provided information relates to a set of Indicators of Compromise (IOCs) published on 2025-07-06 by the ThreatFox MISP Feed, categorized under malware and OSINT (Open Source Intelligence) with a focus on network activity. The entry is tagged as 'type:osint' and 'tlp:white', indicating that the information is intended for wide sharing without restrictions. However, the data lacks specific details such as affected software versions, concrete technical indicators, or exploit descriptions. The threat level is rated as 2 on an unspecified scale, with analysis and distribution metrics provided but without elaboration. No known exploits are reported in the wild, and no patches are available or necessary, suggesting this is primarily an intelligence report rather than a direct vulnerability or active exploit. The absence of concrete IOCs or technical details limits the ability to assess the exact nature or mechanism of the threat. Overall, this appears to be a collection or update of OSINT-related malware indicators intended to inform security teams rather than a direct, active threat vector.

ThreatFox MISP Feed

Rhadamanthys botnet C2 server (confidence level: 100%)

ACR Stealer botnet C2 domain (confidence level: 100%)

ACR Stealer botnet C2 server (confidence level: 100%)

Cobalt Strike botnet C2 server (confidence level: 100%)

Remcos botnet C2 server (confidence level: 100%)

Unknown malware botnet C2 server (confidence level: 100%)

AsyncRAT botnet C2 server (confidence level: 100%)

Quasar RAT botnet C2 server (confidence level: 100%)

DCRat botnet C2 server (confidence level: 100%)

NetSupportManager RAT botnet C2 server (confidence level: 100%)

AdaptixC2 botnet C2 server (confidence level: 100%)

Cobalt Strike botnet C2 domain (confidence level: 75%)

Cobalt Strike botnet C2 server (confidence level: 75%)

XWorm botnet C2 server (confidence level: 100%)

Unknown malware botnet C2 domain (confidence level: 100%)

Havoc botnet C2 domain (confidence level: 100%)

Havoc botnet C2 server (confidence level: 100%)

MimiKatz botnet C2 server (confidence level: 100%)

ValleyRAT botnet C2 server (confidence level: 100%)

Lumma Stealer botnet C2 (confidence level: 75%)

XWorm botnet C2 domain (confidence level: 100%)

Remcos botnet C2 domain (confidence level: 100%)

Quasar RAT botnet C2 domain (confidence level: 100%)

Detailed information about ThreatFox IOCs for 2025-07-06. Get real-time updates, technical details, and mitigation strategies.

ThreatFox IOCs for 2025-07-06 - Live Threat Intelligence - Threat Radar | OffSeq.com

ThreatFox IOCs for 2025-07-06

A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument db_host leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

CVE-2025-7099 is a deserialization vulnerability identified in BoyunCMS versions up to 1.21 running on PHP7. The vulnerability resides in the installation handler component, specifically within the file install/install2.php. It is triggered by manipulation of the 'db_host' argument, which leads to unsafe deserialization of data. Deserialization vulnerabilities occur when untrusted input is deserialized without proper validation, potentially allowing attackers to execute arbitrary code, escalate privileges, or cause denial of service. In this case, the vulnerability can be exploited remotely without authentication or user interaction, but the attack complexity is rated as high, indicating that exploitation requires significant skill or conditions. The CVSS 4.0 base score is 6.3 (medium severity), reflecting limited impact on confidentiality, integrity, and availability (all low), no privileges required, no user interaction, but high attack complexity. No known exploits are currently observed in the wild, but public disclosure of the exploit code exists, increasing the risk of future exploitation. The vulnerability affects all BoyunCMS versions from 1.0 through 1.21, which suggests a long-standing issue in the installation process. The lack of available patches at the time of publication means that affected users must rely on mitigation strategies until official fixes are released. Given that BoyunCMS is a content management system, exploitation could allow attackers to compromise websites, inject malicious content, or pivot into internal networks depending on deployment context.

Detailed information about CVE-2025-7099: Deserialization in BoyunCMS affecting null BoyunCMS. Get real-time updates, technical details, and mitigation strategi

CVE-2025-7099: Deserialization in BoyunCMS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7099: Deserialization in BoyunCMS

A vulnerability, which was classified as critical, was found in Comodo Internet Security Premium 12.3.4.8162. Affected is an unknown function of the component File Name Handler. The manipulation of the argument name/folder leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7098 is a path traversal vulnerability identified in Comodo Internet Security Premium version 12.3.4.8162, specifically within an unspecified function of the File Name Handler component. Path traversal vulnerabilities occur when an attacker manipulates input parameters that specify file or directory paths, enabling unauthorized access to files and directories outside the intended scope. In this case, the vulnerability arises from improper validation or sanitization of the 'name' or 'folder' arguments, allowing an attacker to traverse the file system hierarchy remotely. The vulnerability is remotely exploitable without requiring authentication or user interaction, but the attack complexity is considered high and exploitation is difficult. The CVSS 4.0 base score is 6.3 (medium severity), reflecting network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). Although the vendor was notified early, no response or patch has been issued, and no known exploits are currently observed in the wild. The public disclosure of the vulnerability increases the risk of exploitation attempts, especially by skilled attackers capable of overcoming the complexity barrier. The lack of patch availability means affected users remain vulnerable, and the path traversal could potentially allow attackers to access sensitive files or system resources, leading to information disclosure or further system compromise depending on the environment and file permissions.

Detailed information about CVE-2025-7098: Path Traversal in Comodo Internet Security Premium affecting Comodo Internet Security Premium. Get real-time updates, 

CVE-2025-7098: Path Traversal in Comodo Internet Security Premium - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7098: Path Traversal in Comodo Internet Security Premium

A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7100: Unrestricted Upload in BoyunCMS affecting null BoyunCMS. Get real-time updates, technical details, and mitigation stra

CVE-2025-7100: Unrestricted Upload in BoyunCMS

CVE-2025-7100: Unrestricted Upload in BoyunCMS

Description

Technical Details

Related Threats

CVE-2025-7101: Code Injection in BoyunCMS

CVE-2025-7099: Deserialization in BoyunCMS

CVE-2025-7098: Path Traversal in Comodo Internet Security Premium

CVE-2025-3108: CWE-1112 Incomplete Documentation of Program Execution in run-llama run-llama/llama_index

CVE-2025-7097: OS Command Injection in Comodo Internet Security Premium

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility