CVE-2025-67325

CRITICAL

QloApps < 1.7.0 - Unauthenticated Remote Code Execution via Hotel Review File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-67325. PoCs published by mr7s3d0.

AI-analyzed exploit summary: This repository contains a working PoC for CVE-2025-67325, an unauthenticated RCE vulnerability in QloApps <= 1.7.0 due to unrestricted file upload in the hotel review feature. The exploit involves uploading a malicious PHP file disguised as an image to achieve remote code execution.

Description

Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution.

Exploits (1)

nomisec · WORKING PoC
by mr7s3d0 · poc
https://github.com/mr7s3d0/CVE-2025-67325

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: QloApps <= 1.7.0
Authentication: none needed
Prerequisites: valid id_order (obtained via brute force or booking); Ajax token (obtained from any hotel room page)
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core references (2)
Exploit, Third Party Advisory
https://github.com/mr7s3d0/CVE-2025-67325

Scores

CVSS v3: 9.8
EPSS: 0.0083
EPSS Percentile: 52.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): webkul/qloapps < 1.7.0
Published: Jan 08, 2026
Tracked Since: Feb 18, 2026