Critical RCE Vulnerability Found in MoxieManager PHP Installer

Threat: Vulnerability

Targeted Region: Global

Targeted Sector: Technology & IT

Criticality: Critical

EXECUTIVE SUMMARY:

Tiny Technologies has issued a security advisory about a critical remote code execution vulnerability in MoxieManager, a file and media management solution for PHP and .NET environments. Identified as CVE-2025-30091 with a CVSSv4 score of 9.4, the flaw allows unauthenticated attackers to inject and execute arbitrary code via the PHP installer command. MoxieManager is widely used in CMS, web hosting controllers, and LMS, making this vulnerability a significant risk. To mitigate the threat, Users are strongly urged to update immediately, with a temporary workaround available by manually deleting the install directory after installation.

RECOMMENDATION:

We strongly recommend you update MoxieManager to version 4.0.0 or later.

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/cve-2025-30091-critical-rce-flaw-found-in-moxiemanager/

Recent Advisories

Threat Actors Weaponize SVG Files in Phishing Attacks to Redirect Users

April 25, 2025

Synology DSM NFS Vulnerability Allows Unauthorized Remote File Access

April 24, 2025

Phishing Campaign Uses Malicious Documents to Deploy Formbook Malware

April 24, 2025

GitLab Releases Patch to Address XSS and Account Takeover Vulnerabilities

April 24, 2025

Critical RCE Vulnerability Found in MoxieManager PHP Installer

Recent Advisories

Report an Incident