Vulnerability Details CVE-2025-44658
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.0%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-44658
-
cpe:2.3:h:netgear:rax30:-
-
cpe:2.3:o:netgear:rax30_firmware:1.0.10.94