CVE-2025-67887 - Vulnerability Details

- Remote Code Execution via Translate Module File Upload in 1C‑Bitrix 25.100.500

Description

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged users who can upload new translated pages to the website.

Published: 2026-05-08

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An actor with SOURCE/WRITE permissions in the Translate Module can upload a PHP file together with a .htaccess file, causing the web server to execute the uploaded code. The flaw is a code execution vulnerability (CWE‑94) that allows arbitrary PHP code to run, compromising the web application and the underlying host.

Affected Systems

All 1C‑Bitrix installations up to and including version 25.100.500 that have the Translate Module enabled and grant any user the SOURCE/WRITE permission are affected. No information about vulnerability presence in later versions is listed in the advisory.

Risk and Exploitability

The CVSS score of 9.8 classifies this issue as critical, allowing remote code execution. The EPSS score is below 1 %, indicating a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Attackers would target the web interface of the Translate Module and require a user account that holds SOURCE/WRITE privileges; no additional prerequisites are mentioned.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

1c-bitrix

100%

Version	Status	Scheme	Platform
`[0,25.100.500]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check for vendor updates or patches for 1C‑Bitrix version 25.100.500 and apply any available fix
Limit SOURCE/WRITE permissions on the Translate Module to trusted administrators only
Configure file upload logic to reject all PHP and .htaccess files or enforce strict MIME‑type and file‑extension checks
Enforce web‑server rules that disallow execution of uploaded files in the translation directory

Generated by OpenCVE AI on May 12, 2026 at 01:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Exploitation poc

Automatable yes

Technical Impact total

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Dec/22
https://dev.1c-bitrix.ru/api_help/translate/index.php
https://dev.1c-bitrix.ru/learning/course/?COURSE_ID=43&LESSON_ID=3055
https://karmainsecurity.com/pocs/CVE-2025-67887.php
https://seclists.org/fulldisclosure/2025/Dec/22
https://www.1c-bitrix.ru/support/index.php

History

Sun, 17 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		1c-bitrix 1c-bitrix 1c-bitrix
Vendors & Products		1c-bitrix 1c-bitrix 1c-bitrix

Wed, 13 May 2026 07:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 12 May 2026 01:45:00 +0000

Type	Values Removed	Values Added
Title		Remote Code Execution via Translate Module File Upload in 1C‑Bitrix 25.100.500

Tue, 12 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Title	Remote Code Execution via Upload of PHP and .htaccess in 1C‑Bitrix Translate Module
Weaknesses	CWE-434

Mon, 11 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-94
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 08 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Title		Remote Code Execution via Upload of PHP and .htaccess in 1C‑Bitrix Translate Module
Weaknesses		CWE-434

Fri, 08 May 2026 07:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Dec/22

Fri, 08 May 2026 06:30:00 +0000

Type	Values Removed	Values Added
Description		1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged users who can upload new translated pages to the website.
References		https://dev.1c-bitrix.ru/api_help/translate/index.php https://dev.1c-bitrix.ru/learning/course/?COURSE_ID=43&LESSON_ID=3055 https://karmainsecurity.com/pocs/CVE-2025-67887.php https://seclists.org/fulldisclosure/2025/Dec/22 https://www.1c-bitrix.ru/support/index.php

Subscriptions

1c-bitrix 1c-bitrix

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-08T00:00:00.000Z

Updated: 2026-05-11T19:07:24.400Z

Reserved: 2025-12-12T00:00:00.000Z

Link: CVE-2025-67887

Vulnrichment

Updated: 2026-05-08T05:52:28.158Z

NVD

Status : Awaiting Analysis

Published: 2026-05-08T07:16:28.350

Modified: 2026-05-11T20:25:40.910

Link: CVE-2025-67887

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T19:42:42Z

Weaknesses

CWE-94

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object