CVE-2025-2376

Summary

A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
viamesPair Framework1.9.0affected
viamesPair Framework1.9.1affected
viamesPair Framework1.9.2affected
viamesPair Framework1.9.3affected
viamesPair Framework1.9.4affected
viamesPair Framework1.9.5affected
viamesPair Framework1.9.6affected
viamesPair Framework1.9.7affected
viamesPair Framework1.9.8affected
viamesPair Framework1.9.9affected
viamesPair Framework1.9.10affected
viamesPair Framework1.9.11affected

Weaknesses

  • CWE-502: Deserialization
  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References