CVE-2025-62524— PILOS Exposes PHP version
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-62524
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PILOS Exposes PHP version
Source: NVD (National Vulnerability Database)
Vulnerability Description
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s base image. Additionally, the PHP version can also be inferred through the PILOS version displayed in the footer and by examining the source code available on GitHub. This information disclosure vulnerability has been patched in PILOS in v4.8.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
PILOS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PILOS是THM开源的一个前端软件。 PILOS 4.8.0之前版本存在安全漏洞,该漏洞源于暴露PHP版本信息,可能导致服务器指纹识别和信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| THM-Health | PILOS | < 4.8.0 | - |
II. Public POCs for CVE-2025-62524
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-62524
请登录查看更多情报信息。
- Exposed PHP version · Advisory · THM-Health/PILOS · GitHubx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2025-62524
Same Patch Batch · THM-Health · 2025-10-27 · 3 CVEs total
| CVE-2025-62523 | 6.3 MEDIUM | PILOS Misconfigured the Access-Control-Allow-Origin Header |
| CVE-2025-62781 | 5.0 MEDIUM | PILOS is missing session regeneration after password change |
IV. Related Vulnerabilities
Same product: PILOS
Same vendor: THM-Health
Same weakness: CWE-200
- CVE-2026-42333
quarkus-openapi-generator has overly broad path-parameter ma - CVE-2026-8198
Activity Logs, User Activity Tracking, Multisite Activity Lo - CVE-2026-42456
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (ID - CVE-2026-41520
Cillium exposes sensitive information included in the cilium - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro
V. Comments for CVE-2025-62524
No comments yet