Critical PHP RCE vulnerability mass exploited in new attacks www.bleepingcomputer.com/news/secu…

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation.

Tracked as CVE-2024-4577, this PHP-CGI argument injection flaw was patched in June 2024 and affects Windows PHP installations with PHP running in CGI mode. Successful exploitation enables unauthenticated attackers to execute arbitrary code and leads to complete system compromise following successful exploitation.

A day after PHP maintainers released CVE-2024-4577 patches on June 7, 2024, WatchTowr Labs released proof-of-concept (PoC) exploit code, and the Shadowserver Foundation reported observing exploitation attempts.

GreyNoise’s warning comes after Cisco Talos revealed earlier that an unknown attacker had exploited the same PHP vulnerability to target Japanese organizations since at least early January 2025.