Ethical Hacking News
Millions of websites are at risk from a critical flaw in Imunify360 that allows attackers to execute arbitrary code via malicious file uploads. The vulnerability, which has been publicly available on CloudLinux's Zendesk since November 4, 2025, has not yet been patched by the software developer.
Millions of websites are vulnerable to a critical flaw in Imunify360 because of an exploitable vulnerability in its deobfuscation logic. The vulnerability, discovered on November 4, 2025, allows attackers to execute arbitrary code and potentially gain full server control in shared hosting environments. The patch for the vulnerability was released by CloudLinux on October 21, 2025, but users are advised to take precautions until a widely available patch is released. Users can mitigate this risk by regularly updating Imunify360 software, monitoring server logs, and implementing additional security measures such as IDS and firewalls.
Millions of websites are currently under threat from a critical flaw in Imunify360, an all-in-one server security platform developed by CloudLinux. According to a recent report published by Patchstack, the vulnerability affects ImunifyAV/Imunify360 versions prior to v32.7.4.0, allowing attackers to upload malicious files and execute arbitrary code on shared servers.
The flaw was discovered in the deobfuscation logic of the scanner, which executes untrusted functions and payloads extracted from attacker-supplied malware. Attackers can craft obfuscated PHP that mimics Imunify360AV (AI-Bolit) deobfuscation patterns, causing the scanner to execute attacker-controlled functions and system commands. This enables arbitrary code execution, leading to website compromise or full server takeover.
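The class of flaw described above, as an added illustration: a toy Python model of a scanner's deobfuscation step, shown in its flawed form and a hardened form. This is not Imunify360 or AI-Bolit code and not Patchstack's PoC; every name is hypothetical, the samples are constructed, and `system` is a stub that only records its argument.

```python
import base64, codecs, re

# Assumption: toy model of a scanner "deobfuscation" step, not vendor code.
SIDE_EFFECTS = []  # records calls that would have touched the host

def _fake_system(arg):
    # Stand-in for a command-execution primitive; it records and never executes.
    SIDE_EFFECTS.append(arg)
    return ""

# Pure string transforms that are safe to evaluate on untrusted input.
SAFE_DECODERS = {
    "base64_decode": lambda s: base64.b64decode(s).decode("utf-8", "replace"),
    "str_rot13": lambda s: codecs.decode(s, "rot13"),
    "strrev": lambda s: s[::-1],
}
# Everything reachable in the scanner's runtime, dangerous primitives included.
RUNTIME = dict(SAFE_DECODERS, system=_fake_system)

CALL = re.compile(r'^\s*([A-Za-z_]\w*)\s*\((.*)\)\s*$', re.S)
LITERAL = re.compile(r'^\s*"([^"\\]*)"\s*$')

class UnsafeCall(Exception):
    """Raised when a sample names a function outside the lookup table."""

def _resolve(expr, table):
    """Evaluate name(name("literal")) chains using only functions in `table`."""
    lit = LITERAL.match(expr)
    if lit:
        return lit.group(1)
    call = CALL.match(expr)
    if not call:
        raise ValueError("unsupported expression")
    name, inner = call.groups()
    if name not in table:
        raise UnsafeCall(name)
    return table[name](_resolve(inner, table))

def deobfuscate_unsafe(expr):
    # Flawed: the function name comes from the scanned file and is called as-is.
    return _resolve(expr, RUNTIME)

def deobfuscate_safe(expr):
    # Hardened: allowlisted pure decoders only; anything else is reported, not run.
    try:
        return ("decoded", _resolve(expr, SAFE_DECODERS))
    except UnsafeCall as exc:
        return ("refused", str(exc))

BENIGN = 'base64_decode(strrev("=8GbsVGa"))'  # constructed sample
HOSTILE = 'system(strrev("rekram"))'          # constructed sample, harmless marker
```

A refusal from the hardened path is itself a useful detection signal: a scanned file that asks the scanner to call a non-decoder function is worth flagging.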
The vulnerability has been publicly available on CloudLinux's Zendesk since November 4, 2025, but there has been no statement released by Imunify360 regarding the flaw. It is unclear whether the vulnerability has been actively exploited in the wild. Patchstack researchers have published technical details and a proof-of-concept (PoC) exploit, and recommend that hosting providers check for potential compromises.
The impact of this vulnerability is significant, as it can lead to privilege escalation and potentially full host control in shared hosting environments. Additionally, millions of websites are currently protected by Imunify360, making them vulnerable to exploitation.
In response to the vulnerability, CloudLinux fixed the issue on October 21, 2025. However, users are advised to take precautions until a patch is released and widely available.
This critical flaw serves as a reminder of the importance of staying vigilant in the face of emerging cybersecurity threats. As our online presence continues to grow, so too does the number of potential vulnerabilities that can be exploited by malicious actors.
To mitigate this risk, users are advised to:
1. Regularly update their Imunify360 software to the latest version.
2. Monitor their server logs for suspicious activity.
3. Implement additional security measures, such as intrusion detection systems (IDS) and firewalls.
By taking these precautions, individuals can help protect themselves against this critical flaw and reduce the risk of website compromise or full server takeover.
Published: Fri Nov 14 09:31:43 2025 by llama3.2 3B Q4_K_M