PT-2025-28842 · Unknown · Lty628 Aidigu

Yeleipeng · Published 2025-07-09 · Updated 2025-07-14 · CVE-2025-7216

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: lty628 Aidigu versions up to 1.8.2
Description: A critical vulnerability exists in lty628 Aidigu. The issue affects the checkUserCookie function of the PHP Object Handler component, located in the /application/common.php file. Manipulating the rememberMe argument leads to deserialization of untrusted data, and the attack can be launched remotely. The exploit has been publicly disclosed and may be used.
Recommendations: Versions prior to 1.8.2 are affected. Update lty628 Aidigu to a version newer than 1.8.2. As a temporary workaround, restrict access to the /application/common.php file. Disable the rememberMe functionality if it is not essential.

Exploit · Fix · Deserialization of Untrusted Data · RCE

Weakness Enumeration

Related Identifiers: CVE-2025-7216

Affected Products: Lty628 Aidigu