Vulnerability Database

296,857

Total vulnerabilities in the database

CVE-2025-52994

gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709.

Published: Jul 11, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-52994
GHSA: GHSA-q745-cfqh-hcrw
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
james-heinrich / phpthumb	-	1.7.23.x

https://github.com/JamesHeinrich/phpThumb/commit/cdcbc206ae601b15fd17e7aadf59df51149a0e82
https://github.com/JamesHeinrich/phpThumb/releases
https://safety-online.pl/cve-2025-52994
https://safety-online.pl/cve-2025-52994/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo