Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-52994

gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709.

Published

2025-07-11T15:15:27.167

Last Modified

2025-07-15T13:14:49.980

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

References

https://github.com/JamesHeinrich/phpThumb/commit/cdcbc206ae601b15fd17e7aadf59df51149a0e82 ([email protected])
https://github.com/JamesHeinrich/phpThumb/releases ([email protected])
https://safety-online.pl/cve-2025-52994/ ([email protected])