What is CVE-2025-30091?

CVE-2025-30091 is a vulnerability in Tiny Moxiemanager Php, classified under Improper Neutralization of Directives in Statically Saved Code (Static Code Injection). Published 2025-03-25.

Is CVE-2025-30091 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Tiny Moxiemanager Php

CVE-2025-30091

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be in…

EPSS: 0.014 (80.8th percentile) — read the EPSS interpretation.

Affected products

Tiny Moxiemanager Php — versions 0

Weakness classification (CWE)

CWE-96 — Improper Neutralization of Directives in Statically Saved Code (Static Code Injection)

Public proof-of-concept exploits

pyguerder/CVE

References

www.moxiemanager.com/documentation/SEC-1063.php
www.moxiemanager.com/changelog/

Frequently asked questions

What is CVE-2025-30091?: CVE-2025-30091 is a vulnerability in Tiny Moxiemanager Php, classified under Improper Neutralization of Directives in Statically Saved Code (Static Code Injection). Published 2025-03-25.
Is CVE-2025-30091 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.