Security Advisory

CVE-2025-70364

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-09 00:00:00
Last updated 2026-07-05 14:23:56
Assigner mitre
State PUBLISHED

Description

An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Suppliers position is that this is "a historical and intended administrative feature of the product, accessible only to already authenticated users explicitly granted administrator privileges." However, restrictions on some PHP functions were added in 8.4.