Security Advisory
CVE-2025-70364
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Suppliers position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges." However, restrictions on some PHP functions were added in 8.4.