Description

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.

INFO

Published Date :

2025-07-21T00:00:00.000Z

Last Modified :

2025-08-07T13:43:33.448Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-44658 vulnerability.

Vendors Products
Netgear
  • Rax30
  • Rax30 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-44658.

URL Resource
https://gist.github.com/TPCchecker/c72eea7a3f89070dab7dfdbf7504b2d6 cve-icon cve-icon
https://www.netgear.com/about/security/ cve-icon cve-icon
https://www.notion.so/CVE-2025-44658-24754a1113e780df8f72c779a108f75b cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact