Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

appRain CMF Remote Code Execution Vulnerability

Vulnerability

Exploited

A remote code execution vulnerability has been identified in appRain CMF version 4.0.5. This vulnerability allows authenticated administrative users to upload malicious PHP files through the file manager upload endpoint. Once uploaded, these files can be executed as web shells, providing command execution capabilities on the server.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where appRain CMF 4.0.5 is installed.

Reproduction

To reproduce this vulnerability, an authenticated administrative user must upload a crafted PHP file through the file manager upload endpoint. The uploaded file should be designed to execute commands on the server, such as a web shell. Once the file is uploaded, it can be accessed via the uploads directory, where the web shell can be executed.

Added: Dec 10, 2025, 10:36 PM

Updated: Dec 10, 2025, 10:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.5

remediation

0.0

relevance

1.3

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.5

remediation

0.0

relevance

1.3

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

appRain CMF Remote Code Execution Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

appRain CMF

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating