CVE-2025-67924

zozothemes · Corpkit

The Corpkit theme by zozothemes contains an unrestricted file upload vulnerability that allows an attacker to upload and execute a web shell.

Executive summary

An unrestricted file upload vulnerability in the zozothemes Corpkit theme allows unauthenticated attackers to achieve remote code execution by uploading a web shell.

Vulnerability

The upload handler does not validate the type of the submitted file, so an unauthenticated attacker can place malicious executable files on the web server. In practice this leads to full system compromise through execution of the uploaded web shell.

Business impact

A successful exploit grants the attacker the ability to execute arbitrary code on the server, leading to a total loss of system integrity and confidentiality. With a CVSS score of 9.8, this represents a critical risk that could result in complete server takeover, lateral movement within the network, and the deployment of ransomware or backdoors.

Remediation

Immediate Action: Restrict access to the affected theme and check the application’s directory structure for unauthorized file uploads.

Proactive Monitoring: Monitor the web server’s file system for the creation of new, unexpected PHP or executable files, and analyze web logs for unusual POST requests to upload endpoints.

Compensating Controls: Configure the web server to disable script execution in the directory where user uploads are stored, so that an uploaded web shell cannot be executed even if the upload itself succeeds.
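As an added example (not part of the advisory), a small Python log triage script for the monitoring step above: it parses Apache combined-format access-log lines, flags POST requests to upload-style endpoints, and reports any request for a PHP script under the WordPress uploads directory, rating it high when the same client previously hit an upload endpoint. The log lines and the theme upload path are constructed assumptions; the page names neither.

```python
import re

# Constructed sample Apache combined-format log lines (not from the advisory). The theme
# upload endpoint path is hypothetical; the page does not name it.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2025:12:00:07 +0000] "POST /wp-content/themes/corpkit/upload.php HTTP/1.1" 200 88 "-" "curl/8.4.0"
203.0.113.5 - - [10/Oct/2025:12:00:09 +0000] "GET /wp-content/uploads/2025/10/cmd.php?x=1 HTTP/1.1" 200 312 "-" "curl/8.4.0"
198.51.100.9 - - [10/Oct/2025:12:01:00 +0000] "GET /wp-content/uploads/2025/10/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)$', re.IGNORECASE)
UPLOADS_DIR = "/wp-content/uploads/"   # standard WordPress media directory (assumed layout)

def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_upload_abuse(log_text):
    """Flag POSTs to upload endpoints and any request for a script under the uploads dir.
    A script request from an IP that previously POSTed to an upload endpoint is rated high."""
    upload_posters = set()
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]   # drop the query string before matching
        if rec["method"] == "POST" and "upload" in path.lower():
            upload_posters.add(rec["ip"])
            findings.append({"kind": "upload_post", "ip": rec["ip"], "path": path,
                             "severity": "review", "ts": rec["ts"]})
        if path.startswith(UPLOADS_DIR) and SCRIPT_EXT.search(path):
            sev = "high" if rec["ip"] in upload_posters else "medium"
            findings.append({"kind": "script_in_uploads", "ip": rec["ip"], "path": rec["path"],
                             "severity": sev, "ts": rec["ts"], "status": rec["status"]})
    return findings

if __name__ == "__main__":
    for f in find_upload_abuse(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['kind']} {f['ip']} {f['path']} at {f['ts']}")
```

Feed it a real access log via `find_upload_abuse(open(path).read())`; a hit of kind `script_in_uploads` means the compensating control above (no script execution in the uploads directory) should be verified immediately.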

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

The ability to upload arbitrary code represents one of the most severe security risks possible. Administrators must treat this as a high-priority incident, ensuring the theme is updated to a secure version or replaced if no patch is currently available.