CVE-2025-50515

MEDIUM

phome Empirebak 2010 - Remote Code Execution via Config File Upload

Title source: llm

Description

An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.

References (2)

Core 2

Core References

Various Sources

https://gist.github.com/Master-0-0/5debd3fbda86edabb1ee80e25c029663

Various Sources

https://www.yuque.com/lcc316/df0kgm/bfzpfvb6yaat45nt

Scores

CVSS v3 6.5

EPSS 0.0024

EPSS Percentile 15.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-77

Status published

Published Aug 14, 2025

Tracked Since Feb 18, 2026