CVE-2025-32146

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Apr 4, 2025
Updated: Apr 7, 2025
CWE ID 98

Summary

CVE-2025-32146 is a filename manipulation vulnerability affecting JoomSky JS Job Manager, versions from n/a to 2.0.2. It is classified as a PHP Remote File Inclusion (RFI) vulnerability: an attacker can exploit it by supplying a crafted filename parameter that reaches a PHP include or require statement. The vulnerability allows the attacker to include local files, potentially leading to sensitive data disclosure or arbitrary code execution. This issue underscores the importance of keeping software up to date and applying secure coding practices to prevent PHP RFI vulnerabilities.
