CVE-2025-32101 Scanner
CVE-2025-32101 – PHP Object Injection in UNA CMS 14.0.0-RC
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 10 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
UNA CMS is a flexible content management platform often used for creating social networks, communities, and collaboration platforms. A critical vulnerability has been identified in version 14.0.0-RC of UNA CMS, where the `profile_id` parameter in the `/menu.php` endpoint is passed unsanitized to the PHP `unserialize()` function.
This flaw, located in the `BxBaseMenuSetAclLevel::getCode()` method in `/template/scripts/BxBaseMenuSetAclLevel.php`, allows injection of attacker-controlled serialized PHP objects. Exploiting it can result in arbitrary file creation, execution of malicious payloads, and full remote code execution (RCE).
The PoC demonstrates an attack leveraging the Guzzle PHP package's `FileCookieJar` and `SetCookie` classes to write a malicious PHP web shell to the `cache_public` directory. Once written, the attacker can trigger remote code execution by issuing a GET request to the web shell, passing arbitrary system commands encoded in base64 via a custom header.
As the attack requires no authentication and can lead to full server compromise, this vulnerability is considered critical and should be addressed immediately.
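A log-side check for attempts against the endpoint described above, added here as an example for this page (it is not code from UNA CMS or from the referenced PoC). It assumes a combined-format web server access log and that `profile_id` is sent in the query string; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (Apache/nginx combined format assumed).
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2025:12:00:01 +0000] "GET /menu.php?profile_id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2025:12:00:02 +0000] "GET /menu.php?profile_id=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [10/May/2025:12:00:03 +0000] "GET /index.php?profile_id=O%3A1%3A%22x%22%3A0%3A%7B%7D HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [10/May/2025:12:00:04 +0000] "POST /menu.php HTTP/1.1" 200 512 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# PHP serialize() output starts with a type tag: O: (object), C: (custom), a: (array), s: (string).
# A legitimate profile_id is a plain integer, so any value matching this is suspicious.
SERIALIZED_RE = re.compile(r'^(?:[OCa]:\d+:|s:\d+:")')


def is_serialized_php(value: str) -> bool:
    """True when the value looks like PHP serialize() output."""
    return bool(SERIALIZED_RE.match(value.strip()))


def find_object_injection_attempts(log_text: str) -> list[dict]:
    """Return menu.php requests whose profile_id carries serialized PHP data."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/menu.php"):
            continue
        # parse_qs URL-decodes once; decode again to catch double-encoded values.
        # Caveat: POST bodies are not in access logs, so only query-string delivery is visible here.
        for value in parse_qs(parts.query).get("profile_id", []):
            decoded = unquote_plus(value)
            if not decoded.isdigit() and is_serialized_php(decoded):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "profile_id": decoded})
    return hits


if __name__ == "__main__":
    for hit in find_object_injection_attempts(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} suspicious profile_id={hit['profile_id']!r}")
```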