Remote Code Execution Vulnerability in PluXml CMS by PluXml
CVE-2025-57567

9.1 CRITICAL

Key Information:

Vendor:
PluXml
CVE Published:
17 October 2025

What is CVE-2025-57567?

A security flaw exists in the theme editor of PluXml CMS, specifically in the minify.php file under the default theme directory. This vulnerability allows an authenticated administrator to overwrite the minify.php file with arbitrary PHP code through the admin panel. Consequently, malicious code can be executed, potentially leading to unauthorized access and control over the server. Proper validation and sanitization measures should be implemented to mitigate this risk.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
