Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Command Injection Vulnerability in CodeIgniter4 ImageMagick Handler, Patch Immediately!
Image
Published : 29/07/2025
* Last update: 29/07/2025
* Affected software:: CodeIgniter4
* Type: Remote Code Execution (RCE)
* CVE/CVSS
→ CVE-2025-54418: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
Security bulletin https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-9952-gv64-x94c
NVD https://nvd.nist.gov/vuln/detail/CVE-2025-54418
Risks
Successful exploitation of command injection vulnerability CVE-2025-54418 affecting the CodeIgniter4 framework can result in code execution on the underlying OS within the scope of the web user. This could allow attackers to bypass security controls, steal sensitive data, and disrupt core operations. The impact spans confidentiality, integrity, and availability risking data breaches, full system compromise, and operational downtime.
Description
CodeIgniter4 is an open-source PHP framework designed for building web applications.
A command‑injection vulnerability (CVE‑2025‑54418) has been identified in CodeIgniter’s ImageManipulation component when using the ImageMagick image handler. Since GD is the default image handler, this concerns a non-default setup.
Attackers can exploit unsafe handling of user‑supplied input in two scenarios:
• File upload with user-controlled filenames: uploading files whose filenames include shell metacharacters that are passed unsanitised to ImageMagick
• Text overlay operations: using the text() method with unvalidated user-controlled content or options.
Successful exploitation allows execution of arbitrary server commands under the web‑server user account, potentially leading to data theft, further pivoting, or server takeover. The risk is elevated in shared hosting or public facing environments.
To date, no public reports exist of this vulnerability being exploited in the wild.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Mitigate
When patching is not immediately possible, please implement one or more of the mitigations listed in the security bulletin referenced at the start of this advisory.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via:https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-9952-gv64-x94c
https://nvd.nist.gov/vuln/detail/CVE-2025-54418