CNNVD-202507-3795 Information
CNNVD ID
CNNVD-202507-3795
Related CVE
- CNNVD Published: 2025-07-30
Description (Chinese)
PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop v8.2.0版本存在安全漏洞,该漏洞源于组件/themes/import存在PHAR反序列化问题,可能导致执行任意代码。
Description (English)
PrestaShop is an open-source e-commerce solution for PrestaShop in the United States. The programme provides multiple payment modes, SMS alerts and commodity photo scaling. There is a security loophole in PrestaShop v8.2.0, which stems from the anti-sequencing problem of PHAR in component/themes/import, which may lead to the implementation of any code.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
PrestaShop
Published
2025-07-30
Last Modified
2026-02-24
References
http://dem0.com/admin/index.php/improve/design/themes/import?_token=btRUtV2Om2noliZZjeFQZhlMY3gYivjABbPOjP91L6U http://prestashop.com https://github.com/3em0/cve_repo/blob/main/preshop/CVE-2025-25691.md https://github.com/PrestaShop/PrestaShop https://access.redhat.com/security/cve/cve-2025-25691
Patch
https://github.com/PrestaShop/PrestaShop/releases
Share on: