CVE-2025-44658

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/TPCchecker/c72eea7a3f89070dab7dfdbf7504b2d6	Broken Link
https://www.netgear.com/about/security/	Vendor Advisory
https://www.notion.so/CVE-2025-44658-24754a1113e780df8f72c779a108f75b	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:netgear:rax30_firmware:1.0.10.94:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-21 16:15

Updated : 2025-08-07 17:57

NVD link : CVE-2025-44658

Mitre link : CVE-2025-44658

CVE.ORG link : CVE-2025-44658

JSON object : View

Products Affected

netgear

rax30
rax30_firmware

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2025-44658", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-21T16:15:29.560", "references": [{"url": "https://gist.github.com/TPCchecker/c72eea7a3f89070dab7dfdbf7504b2d6", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://www.netgear.com/about/security/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.notion.so/CVE-2025-44658-24754a1113e780df8f72c779a108f75b", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise."}, {"lang": "es", "value": "En Netgear RAX30 V1.0.10.94, una vulnerabilidad de configuraci\u00f3n incorrecta de PHP-FPM se debe a que no se sigue la especificaci\u00f3n que limita FPM \u00fanicamente a las extensiones .php. Un atacante podr\u00eda explotar esto subiendo scripts maliciosos camuflados con extensiones alternativas y enga\u00f1ando al servidor web para que los ejecute como PHP, evadiendo as\u00ed los mecanismos de seguridad basados en el filtrado de extensiones de archivo. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo (RCE), la divulgaci\u00f3n de informaci\u00f3n o la vulneraci\u00f3n total del sistema."}], "lastModified": "2025-08-07T17:57:40.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax30_firmware:1.0.10.94:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2F37A1A-52D1-4116-955B-D3573BA24645"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EBC92B49-60E0-4554-BE7F-D2B5D6EF6454"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}