PHAR Deserialization Vulnerability in PrestaShop by PrestaShop
CVE-2025-25692
Currently unrated
What is CVE-2025-25692?
A vulnerability exists in the _getHeaders function of PrestaShop v8.2.0: the function handles PHAR files improperly, which an attacker can exploit by sending a crafted, malicious POST request. Successful exploitation could lead to the execution of arbitrary code on the server, putting sensitive data and system integrity at risk. Users are advised to review their installations and apply necessary patches to mitigate potential threats.