Critical Imunify360 AV Vulnerability Exposes 56 Million Linux-hosted Websites to RCE Attacks

Posted on By CWS

A extreme distant code execution (RCE) vulnerability has been found in Imunify360 AV, a broadly used malware scanner defending roughly 56 million web sites.

The safety flaw, just lately patched by CloudLinux, permits attackers to execute arbitrary instructions and probably take full management of internet hosting servers.

Patchstack researchers found a flaw in Imunify360 AV’s deobfuscation logic used to investigate malicious PHP code.

Imunify360 AV RCE Vulnerability

Attackers can create specifically encoded PHP information that mislead the scanner into executing dangerous features, comparable to system(), exec(), or eval(), throughout evaluation.

As a result of the scanner sometimes runs with root privileges, profitable exploitation may end up in an entire server takeover.

The Patchstack evaluation highlights a regarding flaw: deobfuscation is robotically enabled within the default configuration of Imunify360 AV for all scan varieties.

AttributeDetailsVulnerability TypeRemote Code Execution (RCE)Product AffectedImunify360 AV (AI-Bolit)Affected VersionsPrior to v32.7.4.0Patched Versionv32.7.4.0 and later

Together with background scans, on-demand scans, and fast account scans. This implies susceptible programs are constantly in danger at any time when the scanner operates. On shared internet hosting environments, this vulnerability poses distinctive hazard.

Attackers who compromise a single web site can escalate privileges to realize root entry, compromising each web site and buyer on the identical server.

This lateral motion functionality makes the vulnerability particularly extreme for internet hosting suppliers serving a number of shoppers. CloudLinux launched a patch on October 21, 2025, however has notably not issued a proper CVE task or safety advisory.

Details about the vulnerability appeared on their Zendesk help web page on November 4, 2025, despite the fact that exploitation particulars had been circulating since late October.

Patchstack consultants suggest internet hosting firms not solely patch instantly but in addition examine whether or not their servers have already been compromised.

Internet hosting firms ought to improve to Imunify360 AV model 32.7.4.0 or later directly and conduct forensic checks for indicators of exploitation on their infrastructure.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

What is ClickFix Attack – How Hackers are Using it to Attack User Device With Malware Cyber Security News
Windows Rust-based Kernel GDI Vulnerability Leads to Crash and Blue Screen of Death Error Cyber Security News
Microsoft Rolls Out Windows 11 Cumulative Updates KB5058411 and KB5058405 Cyber Security News
New BRAODO Stealer Campaign Abuses GitHub To Host Payloads And Evade Detection  Cyber Security News
OpenAI Banned ChatGPT Accounts Used by Chinese Hackers to Develop Malware Cyber Security News
New Spear-Phishing Attack Targeting Financial Executives by Deploying NetBird Malware Cyber Security News