{"id":225063,"date":"2025-11-14T01:16:10","date_gmt":"2025-11-14T07:16:10","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/11\/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk"},"modified":"2025-11-14T01:16:10","modified_gmt":"2025-11-14T07:16:10","slug":"rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/11\/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk","title":{"rendered":"RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk.jpg\"><\/a><\/p>\n<p>The ImunifyAV malware scanner for Linux servers, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment.<\/p>\n<p>The issue affects versions of the AI-bolit malware scanning component prior to 32.7.4.0. The component is present in the Imunify360 suite, the paid ImunifyAV+, and in ImunifyAV, the free version of the malware scanner.<\/p>\n<p>According to security firm <a href=\"https:\/\/patchstack.com\/articles\/remote-code-execution-vulnerability-found-in-imunify360\/\" target=\"_blank\" rel=\"nofollow noopener\">Patchstack<\/a>, the vulnerability has been known since late October, when ImunifyAV\u2019s vendor, CloudLinux, released fixes. Currently, the flaw has not been assigned an identifier.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ImunifyAV malware scanner for Linux servers, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment. The issue affects versions of the AI-bolit malware scanning component prior to 32.7.4.0. The component is present in the Imunify360 suite, the paid ImunifyAV+, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,6],"tags":[],"class_list":["post-225063","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/225063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=225063"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/225063\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=225063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=225063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=225063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}