CVE advisoryCRITICAL
CVE-2025-34292
Rox PHP Object Injection leading to Remote Code Execution
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Rox, the software for BeWelcome, has a critical PHP object injection vulnerability from untrusted data deserialization. Attackers could achieve arbitrary file writes or remote code execution, potentially leading to full site compromise. This is reachable via web interactions and requires attention due to its critical i