CVE-2025-54418

Published Jul 28, 2025

Last updated 4 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-54418 is a command injection vulnerability affecting CodeIgniter4 applications that use the ImageMagick handler for image processing, specifically versions prior to 4.6.2. It allows attackers to execute arbitrary system commands on vulnerable servers. This vulnerability exists if the application allows file uploads with user-controlled filenames and processes the uploaded images using the `resize()` method, or if the application uses the `text()` method with user-controlled content or options. There are two primary attack vectors: uploading files with malicious filenames containing shell metacharacters that are executed during image processing, and exploiting the `text()` method by injecting malicious content or options when adding text overlays to images. To mitigate this vulnerability, users should upgrade to version 4.6.2 or later. As a workaround, switching to the GD image handler or generating random names for uploaded files can eliminate the attack vector.

Description
CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process the uploaded images using the `resize()` method, or use the `text()` method with user-controlled text content or options. An attacker can upload a file with a malicious filename containing shell metacharacters that are executed when the image is processed, or supply malicious text content or options that are executed when text is added to an image. Users should upgrade to v4.6.2 or later to receive a patch. As a workaround, switch to the GD image handler (`gd`, the default handler), which is not affected by either vector. For file upload scenarios, do not use user-provided filenames: generate random names with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames. For text operations, if ImageMagick must be used with user-controlled text, restrict the input to a safe character set and validate or restrict the text options.
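A worked illustration of the two code paths the description names, added here as an example (this is not CodeIgniter's own code and not taken from the advisory): a controller that saves an upload under the browser-supplied name and resizes it with the `imagick` handler, the same flow hardened with `getRandomName()`, and a `text()` call that allowlists both the caption and its options. The controller name, form field names (`avatar`, `caption`, `color`) and upload directory are assumptions; the framework calls (`getFile()`, `getClientName()`, `getRandomName()`, `move()`, `store()`, `Services::image()`, `resize()`, `text()`) are the public CodeIgniter 4 API.

```php
<?php
// Added illustration, not CodeIgniter's own code. Assumes a CodeIgniter 4 app with the
// `imagick` image library available. Controller name, field names and paths are hypothetical.

namespace App\Controllers;

use CodeIgniter\Controller;
use Config\Services;

class Avatar extends Controller
{
    // BEFORE (exploitable on CodeIgniter < 4.6.2): the browser-supplied filename becomes
    // part of the path handed to the ImageMagick handler, so a name carrying shell
    // metacharacters (';', '`', '$(...)') reaches the shell that runs `convert`.
    public function uploadVulnerable()
    {
        $file = $this->request->getFile('avatar');
        if ($file === null || ! $file->isValid()) {
            return $this->response->setStatusCode(400, 'no file');
        }

        $name = $file->getClientName();            // attacker-controlled
        $file->move(WRITEPATH . 'uploads', $name);

        Services::image('imagick')
            ->withFile(WRITEPATH . 'uploads/' . $name)
            ->resize(200, 200, true)
            ->save(WRITEPATH . 'uploads/thumb_' . $name);

        return $this->response->setStatusCode(201);
    }

    // AFTER: the server picks the name, so nothing the client typed is ever part of a path
    // the handler sees. This is the page's workaround and holds on unpatched versions too.
    public function uploadHardened()
    {
        $file = $this->request->getFile('avatar');
        if ($file === null || ! $file->isValid()) {
            return $this->response->setStatusCode(400, 'no file');
        }
        // Cheap pre-check so only image data reaches ImageMagick at all.
        if (! in_array($file->getMimeType(), ['image/jpeg', 'image/png'], true)) {
            return $this->response->setStatusCode(415);
        }

        $name = $file->getRandomName();            // time prefix + random hex + original extension
        $file->move(WRITEPATH . 'uploads', $name);
        // Equivalent shortcut: $relative = $file->store(); // WRITEPATH/uploads/<date>/<random name>

        Services::image('imagick')
            ->withFile(WRITEPATH . 'uploads/' . $name)
            ->resize(200, 200, true)
            ->save(WRITEPATH . 'uploads/thumb_' . $name);

        return $this->response->setStatusCode(201);
    }

    // text(): treat the caption and every option as untrusted. Allowlist the caption's
    // characters and choose option values from fixed sets, never straight from the request.
    public function watermark(string $storedName)
    {
        $caption = (string) $this->request->getPost('caption');
        $caption = mb_substr(preg_replace('/[^A-Za-z0-9 .,_-]/', '', $caption), 0, 40);

        $allowedColors = ['#ffffff', '#000000'];
        $color = (string) $this->request->getPost('color');
        if (! in_array($color, $allowedColors, true)) {
            $color = '#ffffff';
        }

        // basename() keeps a route parameter from steering the handler outside the upload dir.
        $path = WRITEPATH . 'uploads/' . basename($storedName);

        Services::image('imagick')
            ->withFile($path)
            ->text($caption, [
                'color'    => $color,
                'fontSize' => 16,
                'hAlign'   => 'right',
                'vAlign'   => 'bottom',
            ])
            ->save($path);

        return $this->response->setStatusCode(204);
    }
}
```

The only difference between the two upload methods is who chooses the filename; everything the ImageMagick handler later receives is derived from that choice, which is why a random server-side name alone removes the upload vector even before the 4.6.2 upgrade. The `text()` case cannot be fixed by renaming, so the caption is reduced to a fixed character class and the options are selected from constants rather than copied from the request.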
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Insights

Analysis from the Intruder Security Team
Published Jul 30, 2025 Updated Jul 31, 2025

For this vulnerability to be exploitable, the ImageMagick image processing library needs to be used to resize or add a text watermark to a user-uploaded file which was saved using a user-provided filename, or where the parameters for adding a watermark are user-controlled. File upload implementations that use a randomly generated filename before image resizing are not vulnerable.

This vulnerability is simple to exploit and we expect to see active exploitation soon. However, attackers will need to locate file upload functionality within your applications first which will be difficult to fully automate at scale, so mass exploitation is unlikely.

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-78

Social media

Hype score
Not currently trending
  1. Critical CodeIgniter4 Vulnerability CVE-2025-54418 #CISO https://t.co/QPEfohPTdY

    @compuchris

    31 Jul 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨CVE-2025-54418: CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability FOFA Query: app="CodeIgniter-PHP-Framework" Results: 2,254,632 FOFA: https://t.co/nNF6k73cmY CVSS: 9.8 Advisory: https://t.co/d7sZIDiBs4 https://t.co/72utqjP4jo

    @DarkWebInformer

    30 Jul 2025

    5053 Impressions

    26 Retweets

    79 Likes

    24 Bookmarks

    0 Replies

    0 Quotes

  3. A critical command injection vulnerability (CVE-2025-54418) has been discovered in CodeIgniter4's ImageMagick handler. Its CVSS score is the maximum of 10.0, and it allows arbitrary command execution without authentication or user interaction, a serious…

    @yousukezan

    29 Jul 2025

    1313 Impressions

    1 Retweet

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️⚠️ CVE-2025-54418: CodeIgniter has Command Injection Vulnerability 🎯2.2m+ Results are found on the https://t.co/pb16tGXCUG nearly year 🔗FOFA Link:https://t.co/FYxWadIOr1 FOFA Query:app="CodeIgniter-PHP-Framework" 🔖Refer:https://t.co/pMZUeMvUNy #OSINT #FOFA #Cyb

    @fofabot

    29 Jul 2025

    3260 Impressions

    18 Retweets

    57 Likes

    27 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-54418 Command Injection in CodeIgniter ImageMagick Handler Versions Prior to 4.6.2 https://t.co/w0tzEBs6wK

    @VulmonFeeds

    28 Jul 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-54418 CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick hand… https://t.co/YYDRQkvjDW

    @CVEnew

    28 Jul 2025

    391 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CVE-2025-54418: Remote command injection in CodeIgniter’s ImageMagick handler lets attackers run shell commands without login. Upgrade to 4.6.2 or switch to the GD handler now! Full advisory ➡️ https://t.co/3U9vDiwyPW #CodeIgniter #infosec #AppSec

    @VolerionSec

    28 Jul 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. [CVE-2025-54418: CRITICAL] CodeIgniter users beware! A command injection vulnerability pre-4.6.2 in ImageMagick handler has been identified. Upgrade to 4.6.2, use GD handler, and sanitize user inputs.#cve,CVE-2025-54418,#cybersecurity https://t.co/JEVXZ1XInJ https://t.co/A3a3U6uZ

    @CveFindCom

    28 Jul 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes