Security Advisory: Imunify AI-Bolit Vulnerability

Nov 17, 2025 4:41:41 PM

Imunify Security, Product Owner

Security Advisory: Imunify AI-Bolit Vulnerability

We are issuing this security advisory regarding a vulnerability discovered in the AI-Bolit component of Imunify products. A patch for this vulnerability was released on October 23, 2025, and has already been automatically deployed to the vast majority of servers.

imunify_aibolit_security_advisory

Summary

A vulnerability was discovered and reported to us via responsible disclosure.
We immediately developed a security patch. That patch was released on October 23, 2025.
As of November 17, 2025, the vast majority of Imunify servers have already been automatically updated and secured.
We have no evidence of this vulnerability being exploited in the wild.
No suspicious activity has been reported by any customer.

Affected Products

Products: Imunify360, ImunifyAV+, ImunifyAV
Component: AI-Bolit
Versions: before 32.7.4-1

Vulnerability Details

The vulnerability was found in the deobfuscation logic of the AI-Bolit component. An attacker could craft a malicious payload that could cause the scanner to execute arbitrary code and escalate privileges to root.

In ai-bolit-hoster.php, the deobfuscation functions deobfuscateDeltaOrd and deobfuscateEvalHexFunc call Helpers::executeWrapper() (which wraps call_user_func_array()) on strings extracted directly from scanned files.

Because these strings were not filtered by Helpers::convcrafted payload could invoke arbitrary PHP functions.

This vulnerability had two potential attack vectors: one via file scanning and another via database scanning. Our patch resolved both of these vectors simultaneously. It does this by implementing a strict whitelist of safe functions that the deobfuscator is permitted to call.

A CVE ID is pending assignment for this vulnerability.

Recommended Action

Upgrade ai-bolit package to version 32.7.4-1 or later:

yum update ai-bolit

For Debian based package managers:

apt-get update
apt-get install –only-upgrade ai-bolit

For CentOS 6:
A backported fix is available as version 32.1.10-2.32.7.4.

Version Check

To check what version of AI-Bolit is installed, use the following CLI commands:

For CentOS/CloudLinux/AlmaLinux:

rpm -qa | grep ai-bolit

For Debian/Ubuntu:

dpkg -l | grep ai-bolit

Temporary Workaround

If you are unable to upgrade AI-Bolit right away, there is a temporary workaround. Disable all types of file scans (scheduled, real-time, FTP scans, ModSecurity uploads) until the patch is applied.

You can do this by editing your configuration files to set the following:

MALWARE_SCANNING:
enable_scan_pure_ftpd: False
enable_scan_modsec: False
scan_modified_files: False
enable_scan_cpanel: False
crontabs: False

MALWARE_SCAN_SCHEDULE:
interval: ‘NONE’

PERMISSIONS:
allow_malware_scan: False

Or allow scheduled scans to trusted users only.

Security Philosophy

Our primary responsibility is to fix problems and secure our customers. Announcing a vulnerability before a patch is widely deployed is irresponsible and serves only to help attackers. Our process is to:

Find and fix the issue.
Deploy the patch silently and automatically to protect the maximum number of users.
Proactively contact any users who have not updated automatically.
Once our users are secure, we disclose the matter publicly.

This incident also highlights the importance of automatic updates. They are the single best way to ensure your servers are protected from threats the moment a patch is available. Please ensure auto-updates are enabled in your environment.

Acknowledgements

We thank Aleksejs Popovs for responsibly reporting this vulnerability and coordinating disclosure with the Imunify team.

References

CVE assignment pending
Imunify changelog

If you have any questions, please contact our support team.

Security Advisory: Imunify AI-Bolit Vulnerability

Nov 17, 2025 4:41:41 PM

Dmitry Tkachuk

imunify_aibolit_security_advisory

Summary

A vulnerability was discovered and reported to us via responsible disclosure.
We immediately developed a security patch. That patch was released on October 23, 2025.
As of November 17, 2025, the vast majority of Imunify servers have already been automatically updated and secured.
We have no evidence of this vulnerability being exploited in the wild.
No suspicious activity has been reported by any customer.

Affected Products

Products: Imunify360, ImunifyAV+, ImunifyAV
Component: AI-Bolit
Versions: before 32.7.4-1

Vulnerability Details

Because these strings were not filtered by Helpers::convcrafted payload could invoke arbitrary PHP functions.

A CVE ID is pending assignment for this vulnerability.

Recommended Action

Upgrade ai-bolit package to version 32.7.4-1 or later:

yum update ai-bolit

For Debian based package managers:

apt-get update
apt-get install –only-upgrade ai-bolit

For CentOS 6:
A backported fix is available as version 32.1.10-2.32.7.4.

Version Check

To check what version of AI-Bolit is installed, use the following CLI commands:

For CentOS/CloudLinux/AlmaLinux:

rpm -qa | grep ai-bolit

For Debian/Ubuntu:

dpkg -l | grep ai-bolit

Temporary Workaround

If you are unable to upgrade AI-Bolit right away, there is a temporary workaround. Disable all types of file scans (scheduled, real-time, FTP scans, ModSecurity uploads) until the patch is applied.

You can do this by editing your configuration files to set the following:

MALWARE_SCANNING:
enable_scan_pure_ftpd: False
enable_scan_modsec: False
scan_modified_files: False
enable_scan_cpanel: False
crontabs: False

MALWARE_SCAN_SCHEDULE:
interval: ‘NONE’

PERMISSIONS:
allow_malware_scan: False

Or allow scheduled scans to trusted users only.

Security Philosophy

Find and fix the issue.
Deploy the patch silently and automatically to protect the maximum number of users.
Proactively contact any users who have not updated automatically.
Once our users are secure, we disclose the matter publicly.

Acknowledgements

We thank Aleksejs Popovs for responsibly reporting this vulnerability and coordinating disclosure with the Imunify team.

References

CVE assignment pending
Imunify changelog

If you have any questions, please contact our support team.

]]>

💼 Buy Licenses at the Best Price in Argentina! 🚀

At Full Tech Solutions, we offer Affordable Software Licenses that are 100% genuine, perfect for entrepreneurs, businesses, and developers looking for reliable tools without overspending.

💰 Affordable Prices: Save on licenses without sacrificing quality.
✅ 100% Genuine: Authenticity guaranteed with official support.
⚙️ Wide Range of Software: Find everything your business needs.
📞 24/7 Assistance: Expert support every step of the installation.

Don’t overpay for your licenses. Choose Full Tech Solutions and get the best software licenses in Argentina.

🌐 Optimize your business with the best digital tools!

Source Link

Security Advisory: Imunify AI-Bolit Vulnerability

Security Advisory: Imunify AI-Bolit Vulnerability

Summary

Affected Products

Vulnerability Details

Recommended Action

Version Check

Temporary Workaround

Security Philosophy

Acknowledgements

References

Security Advisory: Imunify AI-Bolit Vulnerability

Summary

Affected Products

Vulnerability Details

Recommended Action

Version Check

Temporary Workaround

Security Philosophy

Acknowledgements

References

PRODUCTS

KEY FEATURES

RESOURCES

COMPANY

Contact Us

💼 Buy Licenses at the Best Price in Argentina! 🚀

Leave a Comment Cancel

Read Next

How Hosting Providers Can Turn Black Friday Into a Margin Advantage

CloudLinux OS 10 is Now Available for Non-panel and Custom Panel Installations

Take Our 2026 Industry Year in Review Survey