Strix
26.1K

CVE-2025-44658

CRITICALCVSS 9.8/10EPSS 1.01%

Last modified

CVE-2025-44658 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. EPSS estimates a 1.01% chance of exploitation in the next 30 days.

Description

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.01%

58.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NetgearRax30 Firmware1.0.10.94

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-44658?
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.
How severe is CVE-2025-44658?
CVE-2025-44658 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.01% probability of exploitation in the next 30 days.
How do I fix CVE-2025-44658?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-44658?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST