CVE-2025-30091

Published Mar 25, 2025

Last updated 8 days ago

CVSS critical 9.4

Overview

Description
In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available after an installation has completed.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-96

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-30091 ⚠️🔴 CRITICAL (9.4) 🏢 Tiny - MoxieManager PHP 🏗️ 0 🔗 https://t.co/5LB99nTKnd 🔗 https://t.co/hzJN1b8w3Z #CyberCron #VulnAlert #InfoSec https://t.co/nIZBSc6EGI

    @cybercronai

    26 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A critical RCE vulnerability (CVE-2025-30091) in MoxieManager exposes users to arbitrary code execution. CVSSv4 score: 9.4. Affected systems in PHP & .NET environments. 🔒 #MoxieManager #RemoteCodeExecution #USA link: https://t.co/TGujS1pE0n https://t.co/px3FuDJrpr

    @TweetThreatNews

    26 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨Alert🚨 CVE-2025-30091: Critical RCE Flaw Found in MoxieManager 📊 10.5K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/ChvodxFw0E 👇Query HUNTER : https://t.co/q9rtuGgxk7="MoxieManager" 📰Refer:https://t.co/ExF3MsfpWr https://t.co/fkLSLae

    @HunterMapping

    26 Mar 2025

    1310 Impressions

    2 Retweets

    16 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  4. 🚨 CVE-2025-30091 ⚠️🔴 CRITICAL (9.4) 🏢 Tiny - MoxieManager PHP 🏗️ 0 🔗 https://t.co/5LB99nTKnd 🔗 https://t.co/hzJN1b8w3Z #CyberCron #VulnAlert #InfoSec https://t.co/gc2Z4lLFBC

    @cybercronai

    25 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-30091: CRITICAL] Vulnerability in Tiny MoxieManager PHP (before 4.0.0) allows unauthenticated attackers to execute arbitrary code via installer command injection in config.php.#cybersecurity,#vulnerability https://t.co/LvidMLTcSt https://t.co/5ekdOtYZB0

    @CveFindCom

    25 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-30091 In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and exe… https://t.co/SDHVR8GWpo

    @CVEnew

    25 Mar 2025

    342 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References