CVE-2025-2376 viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization

🗓️ 17 Mar 2025 12:00:07Reported by VulDBType

Critical vulnerability in viames Pair Framework allows remote deserialization via getCookieContent function.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-2376	17 Mar 202512:47	–	circl
CNNVD	Pair 代码问题漏洞	17 Mar 202500:00	–	cnnvd
CVE	CVE-2025-2376	17 Mar 202512:00	–	cve
EUVD	EUVD-2025-6599	3 Oct 202520:07	–	euvd
NVD	CVE-2025-2376	17 Mar 202512:15	–	nvd
RedhatCVE	CVE-2025-2376	19 Mar 202512:20	–	redhatcve
Snyk	Deserialization of Untrusted Data	17 Mar 202512:40	–	snyk
Vulnrichment	CVE-2025-2376 viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization	17 Mar 202512:00	–	vulnrichment

[
  {
    "vendor": "viames",
    "product": "Pair Framework",
    "versions": [
      {
        "version": "1.9.0",
        "status": "affected"
      },
      {
        "version": "1.9.1",
        "status": "affected"
      },
      {
        "version": "1.9.2",
        "status": "affected"
      },
      {
        "version": "1.9.3",
        "status": "affected"
      },
      {
        "version": "1.9.4",
        "status": "affected"
      },
      {
        "version": "1.9.5",
        "status": "affected"
      },
      {
        "version": "1.9.6",
        "status": "affected"
      },
      {
        "version": "1.9.7",
        "status": "affected"
      },
      {
        "version": "1.9.8",
        "status": "affected"
      },
      {
        "version": "1.9.9",
        "status": "affected"
      },
      {
        "version": "1.9.10",
        "status": "affected"
      },
      {
        "version": "1.9.11",
        "status": "affected"
      }
    ],
    "modules": [
      "PHP Object Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
gist	www.gist.github.com/mcdruid/1997e10026833d2d1f3e359d75b5912a
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

17 Mar 2025 12:00Current

CVSS 46.9

CVSS 3.17.3

CVSS 37.3

CVSS 27.5

EPSS0.00197