CVE-2025-67164

Summary

Pagekit CMS is vulnerable to OS Command Injection via Storage component

Severity

critical

EPSS

0.4% (p36)

Also known as

GHSA-m4f2-xpfq-h97v

Published

2025-12-17

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-67164
• https://github.com/mbiesiad/vulnerability-research/tree/main/CVE-2025-67164
• https://github.com/pagekit/pagekit

Related advisories

• CVE-2025-67165 — critical · Packagist/pagekit/pagekit
• CVE-2024-45967 — medium · Packagist/pagekit/pagekit

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity