Backdoor Vulnerability in PHPStudy Affects Multiple Versions
CVE-2025-34061

9.3CRITICAL

Key Information:

Vendor: Henan Xiaopi Security Technology Co., Ltd.
Status: PHPstudy
Vendor: CVE Published:; 3 July 2025

🔔 Create Henan Xiaopi Security Technology Co., Ltd. Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34061?

A backdoor has been identified in PHPStudy versions 2016 through 2018, enabling unauthenticated remote attackers to execute arbitrary PHP code on compromised systems. This backdoor listens for malicious base64-encoded PHP payloads sent in the Accept-Charset HTTP header of incoming requests. Upon receipt, it decodes and executes these payloads without proper validation, exposing the web server to significant security risks and allowing attackers to execute commands as the web server user. This exploit emphasizes the importance of securing PHPStudy installations to prevent unauthorized access.

Affected Version(s)

PHPStudy 2016 <= 2018

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34061 - Proof of Concept

References

https://raw.githubusercontent.com/rapid7/metasploit-frame...

exploit

https://www.xp.cn/phpstudy

product

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 3, 2025
👾
Exploit known to exist
Jul 3, 2025
Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Dimensional