PT-2025-30295 · NetGear · Netgear Rax30

Published 2025-07-21 · Updated 2025-07-22 · CVE-2025-44658

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Netgear RAX30 version 1.0.10.94

Description
A PHP-FPM misconfiguration exists because FPM is not restricted to processing only files with the .php extension. An attacker can exploit this by uploading malicious scripts with alternate extensions and tricking the web server into executing them as PHP, bypassing file extension-based security mechanisms. This may lead to remote code execution (RCE) or information disclosure.

Recommendations
Update to a newer version that contains a fix for this issue. As a temporary workaround, restrict file uploads to only .php extensions.
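
Added example (not part of the advisory and not Netgear code): a Python check that reads PHP-FPM pool configuration text and reports pools where the main script is not limited to .php. It assumes the restriction is expressed with PHP-FPM's security.limit_extensions directive, which the advisory does not name; the pool names and sample configuration are constructed.

```python
import re

# Constructed sample pool configuration (not taken from RAX30 firmware).
SAMPLE_CONF = """\
; constructed sample
[www]
listen = /run/php-fpm.sock
security.limit_extensions =

[api]
security.limit_extensions = .php .html

[admin]
security.limit_extensions = .php

[legacy]
;security.limit_extensions = .php
"""

DIRECTIVE = "security.limit_extensions"

def audit_pools(conf_text):
    """Return {pool: (status, extensions)} for every pool section."""
    pools, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = section.group(1)
            if current != "global":
                # Directive absent so far: the build's default applies.
                pools[current] = ("not-set", [])
            continue
        key, _, value = line.partition("=")
        if key.strip() == DIRECTIVE and current in pools:
            exts = value.replace('"', " ").split()
            if not exts:                          # empty value: any extension runs
                pools[current] = ("unrestricted", [])
            elif set(exts) == {".php"}:
                pools[current] = ("php-only", exts)
            else:                                 # extra extensions are executed as PHP
                pools[current] = ("widened", exts)
    return pools

def risky_pools(conf_text):
    """Pools that let FPM execute files other than .php."""
    return sorted(p for p, (s, _) in audit_pools(conf_text).items()
                  if s in ("unrestricted", "widened"))

if __name__ == "__main__":
    for pool, (status, exts) in audit_pools(SAMPLE_CONF).items():
        print(f"{pool:8} {status:13} {' '.join(exts)}")
```

A pool reported as not-set relies on the default compiled into the deployed PHP-FPM build, so confirm that value for the version in use.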

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2025-09549
CVE-2025-44658

Affected Products

Netgear Rax30