CVE-2025-34060
Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery
Public Exploits: 0
Exploited in Wild: -
Description
A PHP object injection vulnerability exists in the Monero Project's Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation. MIME type checks using PHP's finfo can be bypassed via crafted stream filter chains that prepend spoofed headers, allowing access to internal Laravel configuration files. An attacker can extract the APP_KEY from config/app.php, forge encrypted cookies, and trigger unsafe unserialize() calls, leading to reliable remote code execution.
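As an added defensive example (not code from the Monero forum project), this is a hardened image-fetch handler for an endpoint of the kind described above, written in PHP because the affected software is Laravel; the function and constant names are assumptions. It refuses anything that is not a plain http(s) URL before the input ever reaches file_get_contents(), which is what closes off stream wrappers and local file reads, and treats finfo as a sanity check rather than the security boundary.

```php
<?php
// Added example, not the forum's code. Names below are assumptions.
declare(strict_types=1);

const ALLOWED_IMAGE_TYPES = ['image/png', 'image/jpeg', 'image/gif', 'image/webp'];

/**
 * Fetch a remote image only if $link is an absolute http(s) URL.
 * Every other scheme (php://, file://, data:, ftp://) and every bare
 * path is rejected before file_get_contents() is called.
 */
function fetchRemoteImage(string $link): ?string
{
    $parts = parse_url($link);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // not an absolute URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // stream wrappers and local files are refused here
    }
    // Resolve the host and refuse loopback/private ranges so the endpoint
    // cannot be used as a proxy to internal services. (The fetch below
    // re-resolves, leaving a DNS-rebinding window; pin the IP in production.)
    $ip = gethostbyname($parts['host']);
    if (filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
        return null;
    }
    $ctx  = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $body = @file_get_contents($link, false, $ctx, 0, 5 * 1024 * 1024); // 5 MiB cap
    if ($body === false) {
        return null;
    }
    // finfo only checks that the bytes look like an image; it is not the
    // security boundary. The scheme allowlist above is what matters.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($body);
    return in_array($mime, ALLOWED_IMAGE_TYPES, true) ? $body : null;
}
```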
SSVC
- Decision: Track*
Timeline
- 2025-04-15 CVE Reserved
- 2025-07-01 CVE Published
- 2025-07-01 CVE Updated
- 2025-07-07 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-502: Deserialization of Untrusted Data
- CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CAPEC
- CAPEC-137: Parameter Injection
- CAPEC-153: Input Data Manipulation
- CAPEC-248: Command Injection
References (2)

URL | Tag | Source
---|---|---
https://swap.gs/posts/monero-forums | Technical Description |
https://vulncheck.com/advisories/monero-forum-rce | Third Party Advisory |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
---|---|---|---|---
Monero Project | Forum | 0 | en | Affected