Summary: Tiny Technologies has issued a security advisory regarding a critical remote code execution (RCE) vulnerability (CVE-2025-30091) in MoxieManager, a widely used file and media management solution. This flaw allows unauthenticated attackers to inject and execute arbitrary code, posing a significant risk to systems utilizing MoxieManager. Users are urged to update to the patched version 4.0.0 or implement temporary workarounds to mitigate the risk.
Affected: MoxieManager users in PHP and .NET environments
Keypoints :
- Critical vulnerability discovered in MoxieManager allowing remote code execution.
- Security advisory assigns a CVSSv4 score of 9.4 to this high-severity flaw.
- Users should update to MoxieManager PHP 4.0.0 or manually delete the install directory as a temporary workaround.
Source: https://securityonline.info/cve-2025-30091-critical-rce-flaw-found-in-moxiemanager/