Arbitrary Command Execution in DevDojo Voyager Affecting Laravel 8+
CVE-2025-32931

Currently unrated

Key Information:

Vendor: DevDojo
Status: Voyager
Vendor: CVE Published:; 14 April 2025

Summary

A vulnerability exists in DevDojo Voyager versions 1.4.0 to 1.8.0 when used with Laravel 8 or later, allowing authenticated administrators to execute arbitrary operating system commands through a specific 'php artisan' command. This flaw can potentially compromise system integrity, leading to unauthorized access and control.

References

https://github.com/lishihihi/voyager-issue-report/

https://github.com/thedevdojo/voyager/blob/1.8/docs/core-...

https://github.com/thedevdojo/voyager/blob/7e7e0f4f0e115d...

Timeline

Vulnerability published
Apr 14, 2025