{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T06:49:22.124","vulnerabilities":[{"cve":{"id":"CVE-2025-44658","sourceIdentifier":"cve@mitre.org","published":"2025-07-21T16:15:29.560","lastModified":"2025-08-07T17:57:40.350","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise."},{"lang":"es","value":"En Netgear RAX30 V1.0.10.94, una vulnerabilidad de configuración incorrecta de PHP-FPM se debe a que no se sigue la especificación que limita FPM únicamente a las extensiones .php. Un atacante podría explotar esto subiendo scripts maliciosos camuflados con extensiones alternativas y engañando al servidor web para que los ejecute como PHP, evadiendo así los mecanismos de seguridad basados en el filtrado de extensiones de archivo. Esto puede provocar la ejecución remota de código (RCE), la divulgación de información o la vulneración total del sistema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:rax30_firmware:1.0.10.94:*:*:*:*:*:*:*","matchCriteriaId":"E2F37A1A-52D1-4116-955B-D3573BA24645"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*","matchCriteriaId":"EBC92B49-60E0-4554-BE7F-D2B5D6EF6454"}]}]}],"references":[{"url":"https://gist.github.com/TPCchecker/c72eea7a3f89070dab7dfdbf7504b2d6","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://www.netgear.com/about/security/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.notion.so/CVE-2025-44658-24754a1113e780df8f72c779a108f75b","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]}