Imunify AI-Bolit Vulnerability Lets Attackers Execute Arbitrary Code and Escalate Privileges to Root


A serious security flaw was discovered in the AI-Bolit component of Imunify products. This vulnerability allows attackers to run arbitrary code and even become root on a server.

Imunify released a fix on October 23, 2025, and most servers have already received the automatic update. Currently, there are no reports of hackers exploiting this security flaw.

The flaw was found in the deobfuscation logic of the AI-Bolit scanner. Attackers could create a specially crafted file or database entry.

When AI-Bolit scanned such a file or entry, the scanner could be made to run malicious PHP functions, leading to arbitrary code execution as the root user. The issue arose because the scanner used unfiltered input from files and databases.


This unsafe logic allowed hackers to abuse the scanning process if they managed to upload a crafted payload onto a protected server.

The danger came from two PHP functions within AI-Bolit’s code: deobfuscateDeltaOrd and deobfuscateEvalHexFunc.


Both functions passed potentially unsafe strings to Helpers::executeWrapper(), which called those strings directly as PHP functions. Malicious input could run arbitrary code, escalating a hacker’s privileges to root.

The new patch adds strict controls so only safe functions can be called by the deobfuscator. Imunify confirms that there are no signs of this flaw being exploited in real-world attacks.
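The pattern described above, shown next to an allowlisted form, as an added example that is not AI-Bolit's code or the actual patch. The names unsafeCall, safeCall and SAFE_FUNCTIONS, the allowlist contents and the sample inputs are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: pure string transforms a deobfuscator plausibly needs.
// The list used by the real patch is not given on this page.
const SAFE_FUNCTIONS = ['base64_decode', 'str_rot13', 'strrev', 'hex2bin', 'urldecode', 'chr', 'ord'];

// Weak form, as the article describes it: the function name comes from scanned
// content and is invoked with no check, so the scanned data decides what runs.
function unsafeCall(string $name, array $args)
{
    return call_user_func_array($name, $args);
}

// Hardened form: only an exact match against the allowlist may be called.
function safeCall(string $name, array $args)
{
    // PHP function names are case-insensitive and may carry a leading "\",
    // so normalise before comparing, then call the normalised name.
    $normalized = strtolower(ltrim($name, '\\'));
    if (!in_array($normalized, SAFE_FUNCTIONS, true)) {
        throw new InvalidArgumentException("blocked call: {$name}");
    }
    return call_user_func_array($normalized, $args);
}

// Constructed samples: [function name recovered from scanned content, arguments].
$samples = [
    ['base64_decode', ['ZWNobyAxOw==']],
    ['StrRev', ['olleh']],
    ['system', ['id']],            // not on the allowlist, rejected before any call
    ['Helpers::anything', []],     // static-method callables are rejected as well
];

foreach ($samples as [$fn, $args]) {
    try {
        printf("%-20s => %s\n", $fn, var_export(safeCall($fn, $args), true));
    } catch (InvalidArgumentException $e) {
        printf("%-20s => %s\n", $fn, $e->getMessage());
    }
}
```

Typing the name as string under strict_types also rejects array and closure callables, which an allowlist of plain function names would otherwise not cover.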

Imunify’s security process involves quietly fixing issues first, deploying fixes to users, and publishing advisories like this when it is safe to do so. If you use Imunify products, update the AI-Bolit component as soon as possible.

This will protect you against potential attacks that could allow hackers to run code or become root via crafted files or databases. Always keep automatic updates turned on for maximum safety.
