Lucene search
K

CVE-2025-67887

๐Ÿ—“๏ธย 08 May 2026ย 00:00:00Reported byย mitreTypeย 
cve
ย cve
๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 2394ย Views๐ŸŒ WEB

CVE-2025-67887: 1C-Bitrix up to 25.100.500 enables remote code execution via Translate Module by uploading PHP and .htaccess.

Related
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-67887
8 May 202600:00
โ€“attackerkb
GithubExploit
Exploit for CVE-2025-67887
18 Dec 202509:00
โ€“githubexploit
GithubExploit
Exploit for CVE-2025-67887
18 Dec 202513:07
โ€“githubexploit
Circl
CVE-2025-67887
18 Dec 202515:00
โ€“circl
CNNVD
1C-Bitrix ๅฎ‰ๅ…จๆผๆดž
8 May 202600:00
โ€“cnnvd
Cvelist
CVE-2025-67887
8 May 202600:00
โ€“cvelist
EUVD
EUVD-2025-209735
8 May 202600:00
โ€“euvd
NVD
CVE-2025-67887
8 May 202607:16
โ€“nvd
Packet Storm
๐Ÿ“„ 1C-Bitrix 25.100.500 Remote Code Execution
16 Dec 202500:00
โ€“packetstorm
Packet Storm
๐Ÿ“„ Cโ€‘Bitrix 25.100.500 Translate Module Arbitrary File Upload
18 Dec 202500:00
โ€“packetstorm
Rows per page
ParameterPositionPathDescriptionCWE
sessidrequest bodybitrix/services/main/ajax.php?action=translate.asset.grabber.uploadArbitrary file upload to a predictable path via Translate Module upload endpoint (CWE-434)CWE-434
tarFilerequest bodybitrix/services/main/ajax.php?action=translate.asset.grabber.uploadArbitrary file upload to a predictable path via Translate Module upload endpoint (CWE-434)CWE-434
sessidrequest bodybitrix/services/main/ajax.php?action=translate.asset.grabber.extractServer-side extraction trigger for uploaded archive (part of the same vulnerability chain)CWE-434
sessidrequest bodybitrix/services/main/ajax.php?action=translate.asset.grabber.applyFinalize/resolve uploaded asset path; may reveal or place uploaded content for executionCWE-434
PROCESS_TOKENrequest bodybitrix/services/main/ajax.php?action=translate.asset.grabber.applyFinalize/resolve uploaded asset path; may reveal or place uploaded content for executionCWE-434
languageIdrequest bodybitrix/services/main/ajax.php?action=translate.asset.grabber.applyFinalize/resolve uploaded asset path; may reveal or place uploaded content for executionCWE-434

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:58Current
6Medium risk
Vulners AI Score6
CVSS 3.19.8
EPSS0.01549
SSVC
2394