Last updated on March 20, 2025 at 09:59 am
We’re aware of a vulnerability impacting Windows users. CVE-2024-4577 is a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows.
Successful exploitation enables unauthenticated attackers to execute arbitrary code and can lead to complete system compromise. The NCSC is aware of active exploitation of this vulnerability.
Systems impacted
This vulnerability impacts all versions of PHP on Windows prior to the versions listed below:
- 8.1.29
- 8.2.20
- 8.3.8
Remediation advice
Bug fixes for impacted versions are available on the vendor website. Schools are encouraged to update to the versions listed above.
For more information, please refer to the vendor’s website.
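
One way to check an installed PHP build against the fixed releases listed above, as an added example that is not part of the original advisory. The function name `Get-PhpPatchStatus`, the status labels, the install path in the comment and the sample banners are assumptions made for illustration. The comparison is done within each release branch, so 8.3.1 is flagged even though it sorts above 8.2.20.

```powershell
# Fixed releases per branch, taken from the advisory above.
$FixedByBranch = @{
    '8.1' = [version]'8.1.29'
    '8.2' = [version]'8.2.20'
    '8.3' = [version]'8.3.8'
}

# Hypothetical helper: classify one "php -v" style banner line.
function Get-PhpPatchStatus {
    param([Parameter(Mandatory)][string]$Banner)

    # Pull the x.y.z version out of the banner.
    if ($Banner -notmatch 'PHP (\d+)\.(\d+)\.(\d+)') {
        return [pscustomobject]@{ Version = $null; FixedIn = $null; Status = 'Unparsed' }
    }
    $installed = [version]("{0}.{1}.{2}" -f $Matches[1], $Matches[2], $Matches[3])
    $branch    = "{0}.{1}" -f $installed.Major, $installed.Minor

    if ($FixedByBranch.ContainsKey($branch)) {
        # Compare only against the fixed release of the same branch.
        $status = if ($installed -lt $FixedByBranch[$branch]) { 'Vulnerable' } else { 'Fixed' }
    }
    elseif ($installed -lt [version]'8.1.0') {
        # Older branches are prior to every fixed version the advisory lists.
        $status = 'Vulnerable'
    }
    else {
        # Branch newer than those listed; the advisory does not cover it.
        $status = 'NotListed'
    }

    [pscustomobject]@{
        Version = $installed
        FixedIn = $FixedByBranch[$branch]
        Status  = $status
    }
}

# Constructed sample banners. On a real host, pass the first line of
# the output of: & 'C:\php\php.exe' -v   (install path is an assumption)
$samples = 'PHP 8.1.28 (cli)', 'PHP 8.2.20 (cli)', 'PHP 8.3.1 (cli)', 'PHP 7.4.33 (cli)'
foreach ($s in $samples) { Get-PhpPatchStatus -Banner $s }
```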