- Knowledge base
- Security updates
-
Security updates
-
Product news
-
Next-Gen Vulnerability Management
-
Getting started
-
General
-
Operating status
-
System & Network Security
-
Web Application Security
-
Cloud Security
-
API Security
-
Phishing Simulation & Awareness Training
-
Attack Surface Management
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset management
-
Vulnerability manager
-
Reports
-
Digest reports
-
Organizer
-
Continuous monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS ASV scans
-
Terms & conditions
-
Dashboard
-
Partner Portal
2025-08-12: Newly-discovered critical CodeIgniter4 flaw requires immediate action
A critical CodeIgniter4 vulnerability requires immediate action
A newly-disclosed critical vulnerability in CodeIgniter4 (versions before 4.6.2) puts many websites and applications at risk of complete server compromise. The flaw, tracked as CVE-2025-54418 and rated CVSS 9.8 (Critical), affects systems using the ImageMagick (imagick) image handler for processing images.
How the vulnerability works
The vulnerability stems from insufficient input sanitization in two commonly used image functions - resize() and text(). These functions can be tricked into executing system commands if they are given specially-crafted input:
- Attackers can use malicious image filenames containing shell metacharacters (e.g., ;, |, `) to inject arbitrary commands during image processing.
- Criminals can use user-supplied text (such as captions or watermarks) to break out of normal processing and execute malicious code on the server.
Since ImageMagick operates at the system level for advanced image manipulation, any injected command runs with the same permissions as the web server, giving attackers the ability to steal data, modify content, or even take the server offline.
Why this is so dangerous
This is a remote unauthenticated vulnerability, meaning an attacker does not need an account, password, or any special access to exploit the flaw. They can exploit a vulnerable application that accepts image uploads or applies text to images simply by sending a malicious file or crafted text input.
The risk level is significant given the high CVSS score, the fact that exploitation requires no user interaction, and the wide use of CodeIgniter4 in public-facing applications. Attackers could automate scanning for vulnerable sites and exploit them at scale.
Mitigation and next steps
The recommended action is to update immediately to the patched CodeIgniter4 version 4.6.2 or later. If updating is not immediately possible, the following temporary measures can reduce risk:
- Switch to the GD image handler (the default in CodeIgniter4) instead of ImageMagick.
- Generate random file names for uploads (using getRandomName() or the store() method).
- Sanitize all text inputs for image functions by removing unsafe characters using a whitelist approach.
Holm Security's response
Holm Security is actively working on detection capabilities for CVE-2025-54418. A dedicated plugin will be released as soon as testing is complete to help identify vulnerable systems in customer environments.