From the webpage screenshot, the following key vulnerability information can be obtained:

### Vulnerability Overview

- **Vulnerability Type**: Insecure Deserialization (CWE-502)
- **Affected Component**: PHPT Test Runner, method `cleanupForCoverage()`
- **Affected Versions**: <= 8.5.51, <= 9.6.32, <= 10.5.61, <= 11.5.49, <= 12.5.7
- **Fixed Versions**: 8.5.52, 9.6.33, 10.5.62, 11.5.50, 12.5.8

### Vulnerability Details

- **CVE ID**: CVE-2026-24765
- **CVSS 3.1 Score**: 7.8/10
- **Vulnerability Description**: Insecure deserialization of code coverage data during PHPT test execution. The vulnerability resides in the `cleanupForCoverage()` method, which deserializes coverage files without validation. If a malicious `.coverage` file exists before PHPT test execution, it may lead to remote code execution.

### Vulnerability Pattern

```php
if ($buffer !== false) {
    // Unsafe call, no restrictions
    $coverage = @unserialize($buffer);
}
```

### Attack Prerequisites and Constraints

- **Attack Prerequisites**: Requires local file write access to the location where PHPUnit stores or expects to store code coverage files for PHPT tests.
- **Attack Scenarios**:
  - CI/CD pipeline attacks
  - Local development environments
  - Compromised dependencies

### Recommended Remediation

- Stop silently sanitizing input; instead, treat pre-existing `.coverage` files as error conditions.

### Severity Classification & Mitigation Measures

- **Mitigation Measures**: Upgrade to patched versions, and ensure proper configuration of CI/CD environments.
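
To support the upgrade mitigation, the following added example (not part of the advisory or of PHPUnit's own code) checks a `composer.lock` for a `phpunit/phpunit` entry that falls in the affected ranges listed above. The lock contents are constructed sample data, and the function names `parse_version`, `classify` and `check_lock` are hypothetical.

```python
import json

# Fixed release per major line, taken from the "Fixed Versions" list above.
FIXED = {8: (8, 5, 52), 9: (9, 6, 33), 10: (10, 5, 62), 11: (11, 5, 50), 12: (12, 5, 8)}

# Constructed sample composer.lock (trimmed to the fields the check reads).
SAMPLE_LOCK = """
{
  "packages": [{"name": "psr/log", "version": "3.0.0"}],
  "packages-dev": [{"name": "phpunit/phpunit", "version": "9.6.32"}]
}
"""


def parse_version(text):
    """Return (major, minor, patch) for '9.6.32' or 'v9.6.32', else None."""
    parts = text.lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None  # dev branches, aliases and pre-release tags are not judged
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Compare one installed version against the advisory's fixed releases."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unlisted"  # major line not named in the advisory
    return "patched" if version >= fixed else "vulnerable"


def check_lock(lock_text):
    """Return (section, version, status) for every phpunit/phpunit entry."""
    lock = json.loads(lock_text)
    return [
        (section, pkg["version"], classify(pkg["version"]))
        for section in ("packages", "packages-dev")
        for pkg in lock.get(section) or []
        if pkg.get("name") == "phpunit/phpunit"
    ]


if __name__ == "__main__":
    for section, version, status in check_lock(SAMPLE_LOCK):
        print(f"{section}: phpunit/phpunit {version} -> {status}")
```

A status of `unlisted` or `unparsed` means the advisory text above does not cover that version string, so it needs a manual check rather than being treated as safe.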