{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70364", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-09T15:40:41.674Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T15:40:41.674Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://kiamo.com"}, {"url": "https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server."}], "id": "CVE-2025-70364", "lastModified": "2026-04-09T16:16:25.573", "metrics": {}, "published": "2026-04-09T16:16:25.573", "references": [{"source": "cve@mitre.org", "url": "http://kiamo.com"}, {"source": "cve@mitre.org", "url": "https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.4)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "kiamo", "vendor": "kiamo"}], "analysis": {"en": {"generated_at": "2026-04-09T17:52:56.558568+00:00", "value": {"mitigation_remediation": ["Upgrade Kiamo to version 8.4 or newer.", "If an upgrade is not immediately possible, restrict or disable the administrative features that accept PHP code input.", "Enforce strong password policies and implement multi\u2011factor authentication for all administrative accounts.", "Monitor server logs for anomalous PHP execution activity and investigate any suspicious events promptly."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Kiamo installations with a pre\u20118.4 release are vulnerable. This includes all 8.3.x series and earlier builds, regardless of patchlevel, until the 8.4 update is applied.", "description_and_impact": "An authenticated administrative attacker can run arbitrary PHP code on a Kiamo server running a version earlier than 8.4. The flaw allows execution of custom PHP scripts, which constitutes a code execution weakness. Successful exploitation would give the attacker full control over the server, enabling data theft, configuration changes, or the placement of additional malware.", "risk_and_exploitability": "The vulnerability requires administrative credentials, so the threat is limited to insiders or compromised accounts. Once exploited, the attacker could compromise the entire server, impacting confidentiality, integrity, and availability. No CVSS or EPSS score is available, and the item is not listed in the CISA KEV catalog, so quantification is uncertain but potential impact is high. Likely exploitation involves authenticating as an admin, then submitting crafted input that is processed by PHP on the server."}}}}, "created": "2026-04-10T08:54:04.076809+00:00", "title": "Authenticated Admin Arbitrary PHP Code Execution in Kiamo Prior to v8.4", "updated": "2026-04-10T09:33:13.678011+00:00", "vendors": ["kiamo", "kiamo$PRODUCT$kiamo"]}