PrestaShop Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2025-25691)
Description
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.