Summary: Tiny Technologies has issued a security advisory regarding a critical remote code execution (RCE) vulnerability (CVE-2025-30091) in MoxieManager, a widely used file and media management solution. This flaw allows unauthenticated attackers to inject and execute arbitrary code, posing a significant risk to systems utilizing MoxieManager. Users are urged to update to the patched version 4.0.0 or implement temporary workarounds to mitigate the risk.

Affected: MoxieManager users in PHP and .NET environments

Keypoints :

• Critical vulnerability discovered in MoxieManager allowing remote code execution.
• Security advisory assigns a CVSSv4 score of 9.4 to this high-severity flaw.
• Users should update to MoxieManager PHP 4.0.0 or manually delete the install directory as a temporary workaround.