CVE-2025-34061

CRITICAL

PHPStudy <2018 - RCE

Title source: llm

Description

A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Dimensional, Airevan · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpstudy_backdoor_rce.rb

View Code ZIP pw:eip

References (2)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/phpstudy_backdoor_rce.rb

[Various Sources] https://www.xp.cn/phpstudy

Scores

CVSS v4 9.3

EPSS 0.6296

EPSS Percentile 98.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-94

Status published

Products (1)

Henan Xiaopi Security Technology Co., Ltd./PHPStudy 2016 - 2018

Published Jul 03, 2025

Tracked Since Feb 18, 2026