{"id":208685,"date":"2025-03-14T09:21:57","date_gmt":"2025-03-14T14:21:57","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/03\/critical-php-rce-vulnerability-mass-exploited-in-new-attacks"},"modified":"2025-03-14T09:21:57","modified_gmt":"2025-03-14T14:21:57","slug":"critical-php-rce-vulnerability-mass-exploited-in-new-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/03\/critical-php-rce-vulnerability-mass-exploited-in-new-attacks","title":{"rendered":"Critical PHP RCE vulnerability mass exploited in new attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/critical-php-rce-vulnerability-mass-exploited-in-new-attacks.jpg\"><\/a><\/p>\n<p>Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation.<\/p>\n<p>Tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-4577\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2024\u20134577<\/a>, this PHP-CGI argument injection flaw was <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/php-fixes-critical-rce-flaw-impacting-all-versions-for-windows\/\" target=\"_blank\" rel=\"nofollow noopener\">patched in June 2024<\/a> and affects Windows PHP installations with PHP running in CGI mode. Successful exploitation enables unauthenticated attackers to execute arbitrary code and leads to complete system compromise following successful exploitation.<\/p>\n<p>A day after PHP maintainers released CVE-2024\u20134577 patches on June 7, 2024, WatchTowr Labs released proof-of-concept (PoC) <a href=\"https:\/\/github.com\/watchtowrlabs\/CVE-2024-4577\" target=\"_blank\" rel=\"nofollow noopener\">exploit code<\/a>, and the Shadowserver Foundation reported <a href=\"https:\/\/twitter.com\/Shadowserver\/status\/1799053497490698548\" target=\"_blank\" rel=\"nofollow noopener\">observing exploitation attempts<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024\u20134577, this PHP-CGI argument injection flaw was patched in June 2024 and affects Windows PHP installations with PHP running in CGI mode. Successful exploitation enables unauthenticated attackers to execute arbitrary code [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-208685","post","type-post","status-publish","format-standard","hentry","category-futurism"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/208685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=208685"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/208685\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=208685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=208685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=208685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}