CVE-2025-30949

Guru · Guru Team Site Chat on Telegram

Executive summary

A critical vulnerability, identified as CVE-2025-30949, has been discovered in the Guru Team "Site Chat on Telegram" plugin. This flaw allows an unauthenticated attacker to inject and execute arbitrary code on the server by sending specially crafted data through the Telegram integration. Successful exploitation could result in a complete compromise of the website, leading to data theft, service disruption, and full system takeover.

Vulnerability

The plugin is affected by a Deserialization of Untrusted Data vulnerability. The application fails to properly sanitize user-supplied data before deserializing it, that is, before converting the data back into a functioning object. An attacker can exploit this by providing a malicious serialized object payload, which, when processed by the application, triggers an Object Injection attack. This allows the attacker to execute arbitrary code with the permissions of the web server, effectively leading to Remote Code Execution (RCE).

Business impact

This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the high potential for severe damage. Exploitation could lead to a complete compromise of the web server hosting the plugin. The potential consequences include, but are not limited to, theft of sensitive company or customer data, financial loss, significant reputational damage, and disruption of business operations. An attacker could use the compromised server to host malware, attack other systems within the network, or deface the public-facing website.

Remediation

Immediate Action: Update the "Site Chat on Telegram" plugin to the latest secure version (newer than 1.0.4) as recommended by the vendor, and do so immediately. If an update is not immediately available, disable the plugin and remove it from the website to eliminate the attack surface.

Proactive Monitoring: Organizations should actively monitor for exploitation attempts. Review web server access and error logs for unusual POST requests containing suspicious serialized data payloads. Monitor system behavior for unexpected file modifications, creation of unauthorized user accounts, or outbound network connections to unknown destinations.

Compensating Controls: If patching or disabling the plugin is not immediately feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block Java or PHP object serialization attacks. Additionally, run the web application process under the principle of least privilege to limit the potential impact of a successful exploit.
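The log review under Proactive Monitoring and the serialization signatures a WAF rule would key on can be prototyped as below. This is an added example, not vendor or plugin code. It assumes a combined-style access log whose last quoted field holds the request body (most servers do not log bodies by default), and the path, IPs and sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# PHP serialize() object marker: O:<len>:"<Class>":<count>:{  (C: = custom-serialized)
# Java serialization stream magic 0xACED0005, seen as base64 ("rO0AB") or hex.
SIGNATURES = {
    "php-object": re.compile(r'\b[OC]:\d+:"[A-Za-z_\\][\w\\]*":\d+:\{'),
    "java-stream": re.compile(r'rO0AB[\w+/=]{8,}|(?i:aced0005[0-9a-f]{8,})'),
}
# Assumed layout: client IP first, then a quoted request line "METHOD path HTTP/x".
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

def decode_layers(text, max_rounds=3):
    """Undo up to max_rounds of URL-encoding so encoded markers become visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan(lines):
    """Return (line_no, client_ip, marker_kind) for each POST carrying a marker."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.match(line)
        if not m or m.group("method") != "POST":
            continue  # the advisory's guidance targets POST requests
        # Check raw and decoded text: '+' decoding can break base64 markers.
        candidates = (line, decode_layers(line))
        for kind, rx in SIGNATURES.items():
            if any(rx.search(c) for c in candidates):
                hits.append((no, m.group("ip"), kind))
    return hits

# Constructed sample lines: documentation IPs, hypothetical path, inert markers.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "POST /example/endpoint HTTP/1.1" 200 512 "msg=hello+world"',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "POST /example/endpoint HTTP/1.1" 500 0 "msg=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"',
    '203.0.113.5 - - [01/Jan/2025:10:00:09 +0000] "POST /example/endpoint HTTP/1.1" 500 0 "msg=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D"',
    '192.0.2.44 - - [01/Jan/2025:10:00:12 +0000] "GET /example/endpoint?q=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 0 "-"',
    '192.0.2.99 - - [01/Jan/2025:10:00:15 +0000] "POST /example/endpoint HTTP/1.1" 500 0 "data=rO0ABXEXAMPLEONLY0000"',
]

if __name__ == "__main__":
    for no, ip, kind in scan(SAMPLE_LOG):
        print(f"line {no}: {ip} sent a {kind} marker in a POST")
```

A hit is a lead for triage rather than proof of compromise; correlate it with the file-modification, account-creation and outbound-connection signals listed above.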

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical severity (CVSS 9.8) of this vulnerability, we strongly recommend that organizations treat this as a top priority. The risk of full system compromise necessitates immediate action. Although this CVE is not currently listed on the CISA KEV list, its high score makes it a prime candidate for future inclusion and widespread exploitation. All organizations using the affected "Site Chat on Telegram" plugin must apply the vendor-supplied patch or implement the recommended compensating controls without delay.