CVE-2025-56399

HIGH

alexusmai laravel-file-manager <3.3.1 - Authenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-56399. PoCs published by Theethat-Thamwasin, im-hanzou.

AI-analyzed exploit summary This repository contains a detailed writeup describing an authenticated Remote Code Execution (RCE) vulnerability in laravel-file-manager v3.3.1 and below. The vulnerability allows attackers to upload malicious files and rename them to executable PHP files, leading to arbitrary code execution.

Description

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.

Exploits (2)

nomisec WRITEUP 3 stars

by Theethat-Thamwasin · poc

https://github.com/Theethat-Thamwasin/CVE-2025-56399

View Code ZIP pw:eip

This repository contains a detailed writeup describing an authenticated Remote Code Execution (RCE) vulnerability in laravel-file-manager v3.3.1 and below. The vulnerability allows attackers to upload malicious files and rename them to executable PHP files, leading to arbitrary code execution.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: laravel-file-manager v3.3.1 and below

Auth required

Prerequisites: Authenticated access to the file manager interface · Ability to upload or create files

MITRE ATT&CK

T1205 - Traffic Signaling T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by im-hanzou · poc

https://github.com/im-hanzou/CVE-2025-56399

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-56399, targeting a file upload vulnerability in Laravel File Manager. The exploit automates CSRF token extraction, file upload, and shell verification to achieve remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Laravel File Manager (version not specified)

No auth needed

Prerequisites: Target URL with vulnerable Laravel File Manager endpoint · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 15, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://github.com/Theethat-Thamwasin/CVE-2025-56399

Various Sources

http://laravel-file-manager.com

Scores

CVSS v3 8.8

EPSS 0.0050

EPSS Percentile 38.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Published Oct 28, 2025

Tracked Since Feb 18, 2026