Critical Imunify360 AV Vulnerability Exposes 56 Million Linux-hosted Websites to RCE Attacks

Posted on By CWS

A extreme distant code execution (RCE) vulnerability has been found in Imunify360 AV, a broadly used malware scanner defending roughly 56 million web sites.

The safety flaw, just lately patched by CloudLinux, permits attackers to execute arbitrary instructions and probably take full management of internet hosting servers.

Patchstack researchers found a flaw in Imunify360 AV’s deobfuscation logic used to investigate malicious PHP code.

Imunify360 AV RCE Vulnerability

Attackers can create specifically encoded PHP information that mislead the scanner into executing dangerous features, comparable to system(), exec(), or eval(), throughout evaluation.

As a result of the scanner sometimes runs with root privileges, profitable exploitation may end up in an entire server takeover.

The Patchstack evaluation highlights a regarding flaw: deobfuscation is robotically enabled within the default configuration of Imunify360 AV for all scan varieties.

AttributeDetailsVulnerability TypeRemote Code Execution (RCE)Product AffectedImunify360 AV (AI-Bolit)Affected VersionsPrior to v32.7.4.0Patched Versionv32.7.4.0 and later

Together with background scans, on-demand scans, and fast account scans. This implies susceptible programs are constantly in danger at any time when the scanner operates. On shared internet hosting environments, this vulnerability poses distinctive hazard.

Attackers who compromise a single web site can escalate privileges to realize root entry, compromising each web site and buyer on the identical server.

This lateral motion functionality makes the vulnerability particularly extreme for internet hosting suppliers serving a number of shoppers. CloudLinux launched a patch on October 21, 2025, however has notably not issued a proper CVE task or safety advisory.

Details about the vulnerability appeared on their Zendesk help web page on November 4, 2025, despite the fact that exploitation particulars had been circulating since late October.

Patchstack consultants suggest internet hosting firms not solely patch instantly but in addition examine whether or not their servers have already been compromised.

Internet hosting firms ought to improve to Imunify360 AV model 32.7.4.0 or later directly and conduct forensic checks for indicators of exploitation on their infrastructure.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Chinese Hackers Weaponized Nezha Tool to Execute Commands on Web Server Cyber Security News
Sweet Security Brings Runtime-CNAPP Power to Windows Cyber Security News
Microsoft Confirms Recent Windows 11 24H2 Security Update Not Causing SSD/HDD Failures Cyber Security News
OneDrive File Picker Vulnerability Exposes Users’ Entire Cloud Storage to Websites Cyber Security News
CISA Warns of VMware Tools and Aria Operations 0-Day Vulnerability Exploited in Attacks Cyber Security News
CISA Issues ICS Advisories for Rockwell Automation, VMware, and Güralp Seismic Monitoring Systems Cyber Security News