Arbitrary File Upload Vulnerability in Pagekit CMS by Pagekit
CVE-2025-67164

9.9CRITICAL

Key Information:

Vendor: Pagekit
Status: Pagekit CMS
Vendor: CVE Published:; 17 December 2025

What is CVE-2025-67164?

An authenticated vulnerability within the Pagekit CMS allows for arbitrary file uploads through the /storage/poc.php component. This flaw potentially enables attackers to upload crafted PHP files, which can lead to unauthorized code execution on the server, posing significant risks to the security and integrity of the web application.

References

https://github.com/mbiesiad/vulnerability-research/tree/m...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Dec 8, 2025

CVE-2025-67164 Data

JSON