PHAR Deserialization Vulnerability in PrestaShop Themes Import Component
CVE-2025-25691
Currently unrated
What is CVE-2025-25691?
A PHAR deserialization vulnerability exists in the /themes/import component of PrestaShop version 8.2.0. An attacker can send a crafted POST request that could lead to the execution of arbitrary code on the server. The vulnerability poses significant risks, particularly because e-commerce platforms like PrestaShop are often targeted. Organizations using this version should take immediate measures to mitigate potential exploitation.
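For reviewing exposure, the following added example (not part of the advisory and not PrestaShop code) lists POST requests that reached the /themes/import component in a web server access log, grouped by client IP. It assumes the Combined Log Format; the sample lines, IP addresses and admin folder name are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Combined Log Format (assumed); adjust the pattern to your server's format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
ENDPOINT = "/themes/import"  # component named in the advisory

def hits_import_endpoint(target: str) -> bool:
    """True if the request path, once normalised, ends at the endpoint."""
    path = urlsplit(target).path          # drop query string and fragment
    for _ in range(2):                    # undo up to two layers of percent-encoding
        path = unquote(path)
    path = re.sub(r"/{2,}", "/", path).lower().rstrip("/")
    return path.endswith(ENDPOINT)

def triage(lines):
    """Group POSTs to the theme import endpoint by client IP."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if hits_import_endpoint(m["target"]):
            findings[m["ip"]].append((m["ts"], int(m["status"]), m["target"]))
    return dict(findings)

# Constructed sample lines (documentation IP ranges, made-up admin folder name).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2025:10:00:01 +0000] "GET /admin-dev/index.php/improve/design/themes/import HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2025:10:00:09 +0000] "POST /admin-dev/index.php/improve/design/themes/import?_token=x HTTP/1.1" 302 0',
    '203.0.113.44 - - [01/Mar/2025:10:02:30 +0000] "POST /admin-dev/index.php/improve/design/themes%2Fimport HTTP/1.1" 500 812',
    '203.0.113.44 - - [01/Mar/2025:10:02:41 +0000] "POST /admin-dev/index.php/sell/orders HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, events in triage(SAMPLE_LOG).items():
        for ts, status, target in events:
            print(f"{ip} {ts} status={status} {target}")
```

A match only shows that the endpoint received a POST; legitimate theme uploads by administrators appear here too, so compare the source addresses and timestamps against known admin activity.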