{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70364", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-22T14:47:51.482Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-22T14:47:51.482Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is \"a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges.\" However, restrictions on some PHP functions were added in 8.4."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://kiamo.com"}, {"url": "https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "tags": ["disputed"]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T14:47:58.274588Z", "id": "CVE-2025-70364", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:35:28.747Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-70364", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T14:47:58.274588Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:51:55.015Z"}}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://kiamo.com"}, {"url": "https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is \"a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges.\" However, restrictions on some PHP functions were added in 8.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-22T14:47:51.482Z"}}}, "cveMetadata": {"cveId": "CVE-2025-70364", "state": "PUBLISHED", "dateUpdated": "2026-04-22T14:47:51.482Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is \"a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges.\" However, restrictions on some PHP functions were added in 8.4."}], "id": "CVE-2025-70364", "lastModified": "2026-04-22T15:16:12.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-09T16:16:25.573", "references": [{"source": "cve@mitre.org", "url": "http://kiamo.com"}, {"source": "cve@mitre.org", "url": "https://github.com/hackvens/blog.hackvens.fr/blob/main/_posts/advisories/2025-12-23-CVE-2025-70364-Kiamo.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.4)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "kiamo", "vendor": "kiamo"}], "analysis": {"en": {"generated_at": "2026-04-27T19:57:35.317816+00:00", "value": {"mitigation_remediation": ["Upgrade Kiamo to version 8.4 or later", "Verify that restrictions on PHP functions are enabled in version 8.4", "Revoke unnecessary administrator privileges and enforce least privilege"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via PHP"}, "threat_synthesis": {"affected_systems": "All Kiamo installations running a version earlier than 8.4 are affected. No other products or versions are listed as impacted.", "description_and_impact": "An issue in Kiamo before version 8.4 allows an attacker who is already authenticated as an administrator to execute arbitrary PHP code on the server, which is a direct remote code execution flaw (CWE\u201194). Based on the description, it is inferred that executing arbitrary PHP would allow the attacker to read, modify, or delete any files accessible to the web server, thereby compromising data confidentiality, integrity, and potentially the underlying operating system. The vendor acknowledges this as a historical administrative feature, accessible only to users with explicit admin privileges, and notes that restrictions on certain PHP functions were added in version 8.4.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not included in CISA\u2019s KEV catalog. Exploitation requires the attacker to be authenticated as an administrator, meaning a prior compromise of administrative credentials is necessary before the arbitrary code can be executed."}}}}, "created": "2026-04-10T08:54:04.076809+00:00", "title": "Administrative RCE via Arbitrary PHP Execution in Kiamo <8.4", "updated": "2026-04-27T20:00:05.662092+00:00", "vendors": ["kiamo", "kiamo$PRODUCT$kiamo"]}