CVE-2025-57567

Published: Oct 17, 2025

Modified: Oct 17, 2025

PUBLISHED

Description

A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory (/themes/defaut/css/minify.php). An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel, enabling execution of system commands.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://pluxml.com

https://github.com/lukehebe/Vulnerability-Disclosures/blob/main/CVE-2025-57567.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57567

Description

Affected Products

References