CVE-2025-55010

CRITICAL LAB

Kanboard <1.2.47 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-55010. PoCs published by exploitintel.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-10622, an OS command injection vulnerability in Foreman (versions 3.12.0 through 3.16.0). The exploit leverages client-side-only validation of transpiler path settings to execute arbitrary commands as the Foreman process user via REST API or GraphQL.

Description

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47.

Exploits (1)

github WORKING POC

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-55010

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-10622, an OS command injection vulnerability in Foreman (versions 3.12.0 through 3.16.0). The exploit leverages client-side-only validation of transpiler path settings to execute arbitrary commands as the Foreman process user via REST API or GraphQL.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Foreman (3.12.0 through 3.16.0)

Auth required

Prerequisites: authenticated admin access · Foreman instance with vulnerable version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_confirm

https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r

Patch x_refsource_misc

https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f

View Patch ZIP pw:eip

Product x_refsource_misc

https://github.com/kanboard/kanboard/blob/b033c0e0f982f8158e240bce8ab54c29727f8efe/app/Formatter/ProjectActivityEventFormatter.php#L43-L57

Related Analysis

Zero to RCE

Five CVEs Case Study

Scores

CVSS v3 9.1

EPSS 0.0889

EPSS Percentile 92.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Lab Environment

EIP LAB

patched docker pull ghcr.io/exploitintel/cve-2025-55010-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-55010-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-502

Status published

Products (1)

kanboard/kanboard < 1.2.47

Published Aug 12, 2025

Tracked Since Feb 18, 2026