CVE-2025-25691: A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers...
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
Security readout for executives and security teams
Plain-English summary
CVE-2025-25691 describes a reported flaw in PrestaShop 8.2.0 where the theme import function can process crafted PHAR content and allow arbitrary code execution. The official CVE metadata says remote, unauthenticated exploitation is possible, but affected-product metadata and remediation details are incomplete.
Executive priority
Prioritize assessment for internet-facing PrestaShop 8.2.0 stores because the reported impact is code execution. Treat urgency as moderate until vendor remediation and real-world exploitation evidence become clearer.
Technical view
The CVE describes PHAR deserialization in /themes/import, mapped to CWE-502 and CWE-77. CVSS 3.1 is 6.5 with AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. Sources do not name a fixed version, vendor advisory, or confirmed exploitation.
Likely exposure
Organizations running PrestaShop 8.2.0 should treat the admin theme import workflow as the primary exposure. The CVE affected-product field is n/a, so exposure beyond the reported version is not established by the provided sources.
Exploitation context
No CISA KEV listing or cited source confirms active exploitation. The public description says arbitrary code execution is possible through a crafted POST request, but this analysis does not validate exploitability or provide reproduction steps.
Researcher notes
The record is thin: affected vendor/product fields are n/a, and one reference appears to be a non-vendor proof-oriented repository. Validate against upstream PrestaShop commits or advisories before making broad version claims.
Mitigation direction
Check PrestaShop vendor guidance for a fixed version or official workaround.
Inventory any PrestaShop 8.2.0 deployments and prioritize review.
Restrict administrative theme import access to trusted users and networks.
Avoid using theme imports from untrusted sources until remediation is confirmed.
Review recent theme uploads and unexpected administrative changes.
Validation and detection
Confirm whether any deployed store runs PrestaShop 8.2.0.
Identify whether the theme import route is reachable in each environment.
Review access logs for unusual POST activity against theme import paths.
Check recent uploaded themes for unexpected files or provenance gaps.
Monitor vendor advisories and CVE updates for corrected affected-version data.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-502: Code execution behavior lookup
Code execution and unsafe deserialization weaknesses often justify reviewing execution behavior and process telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Command injection weaknesses can lead defenders to review execution techniques and command interpreter telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
3Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-502 · source CWE mapping
Deserialization of Untrusted Data
Deserialization of Untrusted Data represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Improper Neutralization of Special Elements used in a Command ('Command Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.