CVE-2025-15438 | PluXml up to 5.8.22 Media Management core/admin/medias.php __destruct File deserialization

Uncategorized
Yanac

A vulnerability categorized as critical has been discovered in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/medias.php of the component Media Management Module. Executing manipulation of the argument File can lead to deserialization.

This vulnerability is tracked as CVE-2025-15438. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was informed early about this issue and announced that “[w]e fix this issue in the next version 5.8.23”. A patch for it is ready.VulDB Recent EntriesRead More