CVE-2025-67887
CRITICAL
1C-Bitrix through 25.100.500 - Remote Code Execution
Title source: manual
Exploitation Summary
EIP tracks 2 public exploits for CVE-2025-67887. PoCs published by cyberok-org, reewardius.
AI-analyzed exploit summary: This repository provides a technical analysis and a hotfix for CVE-2025-67887, a vulnerability in the 1C-Bitrix Translate module that allows RCE via malicious .htaccess files in uploaded archives. The code includes a sanitization function to remove .htaccess files post-extraction.
Description
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged users who can upload new translated pages to the website.
Exploits (2)
This repository provides a technical analysis and a hotfix for CVE-2025-67887, a vulnerability in the 1C-Bitrix Translate module that allows RCE via malicious .htaccess files in uploaded archives. The code includes a sanitization function to remove .htaccess files post-extraction.
This repository contains a functional exploit for CVE-2025-67887, targeting a remote code execution vulnerability in 1C-Bitrix's Translate Module. The exploit authenticates, uploads a malicious archive, extracts it, and executes arbitrary commands via a shell.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H