CVE-2025-52891 cPanel CVE debrief

Who should care

Administrators and operators of cPanel/WHM systems that use EasyApache 4, especially environments running PHP 8.4, 8.3, 8.2, or 8.1 packages delivered through the vendor’s release channel.

Technical summary

The vendor release note for EasyApache 4 25.22 says the update includes security fixes for ModSecurity 2 and multiple PHP versions, and explicitly references CVE-2025-52891. The corpus does not include a CVSS score, exploitability details, affected code path, or a description of attack prerequisites. Based on the supplied source, the actionable takeaway is that the vulnerability is being remediated through the updated EasyApache 4 packages rather than through a separate workaround.

Defensive priority

Prompt. Treat this as a security maintenance update for exposed cPanel/WHM hosts using EasyApache 4 PHP packages. Because the vendor has published a security release that names the CVE, patch verification should be prioritized over routine maintenance scheduling.

Recommended defensive actions

• Upgrade to EasyApache 4 25.22 or later on affected cPanel/WHM systems.
• Verify that the installed PHP packages match the vendor-fixed release channel for your supported PHP versions.
• Review the EasyApache 4 change log and release notes for any package-specific follow-up guidance.
• Validate the update in staging if your hosting stack depends on custom PHP extensions or tightly pinned package versions.
• Document patch completion for hosts that expose web applications through EasyApache 4-managed PHP.

Evidence notes

The only supplied technical detail is from the vendor’s EasyApache 4 25.22 release note, which states that the update includes security fixes for PHP 8.4, 8.3, 8.2, and 8.1 and names CVE-2025-52891 among the addressed issues. The supplied corpus does not include a CVE description from CVE.org or NVD text, nor any published CVSS, exploitation, or timeline data. No published/modified dates were provided in the source fields.

Official resources