Tuesday, March 17, 2026

Imunify AI-Bolit Flaw Lets Attackers Execute Arbitrary Code and Gain Root Privileges

A critical vulnerability in the AI-Bolit malware scanner, part of Imunify security products, could allow attackers to run arbitrary code and gain root access on Linux servers.

Discovered through responsible disclosure, the flaw affects widely used web hosting tools. It puts millions of sites at risk if unpatched.

Imunify released a fix on October 23, 2025, which has been auto-deployed to most servers, with no known exploits in the wild as of November 17, 2025.

The issue stems from unsafe handling of obfuscated code during scans, turning a protective tool into a potential entry point for hackers.

AI-Bolit, designed to detect malware in PHP files, relies on deobfuscation to unpack hidden threats, such as hex-encoded or delta-ord-transformed payloads.

This process involves executing functions extracted directly from scanned content, without proper checks, leading to remote code execution.

Attackers could upload crafted malicious files or inject payloads into databases, triggering the scanner to process them.

Since AI-Bolit often runs with root privileges in Imunify360 environments, successful exploitation could result in full server compromise, data theft, or further lateral movement.

The vulnerability affects file and database scans alike, including products such as Imunify360, ImunifyAV+, and ImunifyAV versions before 32.7.4-1.

Vulnerability Technical Breakdown

At the core, the flaw lies in two deobfuscation functions within ai-bolit-hoster.php: deobfuscateDeltaOrd and deobfuscateEvalHexFunc.

These routines parse obfuscated strings from malware samples and pass them to Helpers::executeWrapper(), which uses call_user_func_array to invoke them as PHP functions.

Without filtering, an attacker could embed strings like “system” or “exec” in a payload, forcing the scanner to run shell commands on arbitrary input.

For example, a hex-encoded eval pattern might match AI-Bolit’s signatures, causing it to decode and execute attacker-supplied code during routine scans, such as real-time file monitoring or FTP uploads.

This bypasses typical web app firewalls because execution occurs server-side in the scanning engine rather than on the website itself.

The deobfuscation is always enabled in Imunify’s integrated modes, making exploitation straightforward if a payload reaches the scanner.

Researcher Aleksejs Popovs identified this through analysis of the tool’s heuristics for standard obfuscation techniques, like base64 chains or custom transformations.

While detection is tricky due to the payloads’ stealth, the risk is high in shared hosting setups where Imunify protects over 6 million servers.

A CVE ID is pending, but the issue echoes past flaws, such as CVE-2021-21956, in earlier versions of Imunify.

Patch Deployment and Mitigation Steps

Imunify’s response prioritized silent patching, to avoid tipping off attackers, and automatic deployment of the update via its auto-update system.

The fix introduces a strict allowlist of safe functions, blocking dangerous calls like eval or shell_exec in the deobfuscator.
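The unsafe wrapper pattern described in the technical breakdown, placed beside an allowlist-based replacement of the kind the fix is said to introduce. This is an added illustration, not Imunify's code: the function names, the allowlist contents and the sample extracted calls are assumptions.

```php
<?php
// Added example (not Imunify's code). Illustrates the unsafe pattern the
// article describes and an allowlist-based replacement. Function names,
// the allowlist contents and the sample payload are assumptions.

// Vulnerable shape: the callable name comes straight out of scanned content,
// so whatever the file names (e.g. "system") is what gets invoked.
function executeWrapperUnsafe(string $fn, array $args)
{
    return call_user_func_array($fn, $args);
}

// Hardened shape: only pure, side-effect-free string transforms may be called.
// The list below is illustrative, not the project's actual allowlist.
const DEOBFUSCATION_ALLOWLIST = [
    'base64_decode', 'hex2bin', 'str_rot13', 'strrev', 'chr', 'ord', 'urldecode',
];

function executeWrapperSafe(string $fn, array $args)
{
    // PHP resolves function names case-insensitively and accepts a leading
    // backslash, so normalise before comparing ("\System", " SYSTEM ").
    $fn = strtolower(ltrim(trim($fn), '\\'));
    if (!in_array($fn, DEOBFUSCATION_ALLOWLIST, true)) {
        // Refuse and record it: scanned content naming a non-allowlisted
        // function is itself a useful detection signal for the server log.
        error_log("ai-bolit deobfuscator: refused call to '$fn'");
        return null;
    }
    return call_user_func_array($fn, $args);
}

// Constructed sample of what a deobfuscation heuristic might extract.
$extracted = [
    ['fn' => 'base64_decode', 'args' => ['aGVsbG8=']], // legitimate unpacking
    ['fn' => '\System',       'args' => ['id']],       // would be RCE if invoked
];

foreach ($extracted as $call) {
    $result = executeWrapperSafe($call['fn'], $call['args']);
    printf("%-14s -> %s\n", $call['fn'],
        $result === null ? 'REFUSED' : var_export($result, true));
}
```

The first entry decodes to 'hello'; the second is refused before any call is made, and the refusal lands in the error log where a scheduled review can pick it up.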

Users on CentOS, CloudLinux, or AlmaLinux can update with “yum update ai-bolit”.

Debian-based systems use “apt-get install --only-upgrade ai-bolit”. For older CentOS 6, a backported version 32.1.10-2.32.7.4 is available.

To verify installation, run “rpm -qa | grep ai-bolit” on RPM systems or “dpkg -l | grep ai-bolit” on Debian.

If updates are delayed, temporarily turn off scans by setting the MALWARE_SCANNING options to false in config files, including enable_scan_pure_ftpd, scan_modified_files, and crontabs.

Limit scans to trusted users or set the MALWARE_SCAN_SCHEDULE interval to ‘NONE’ for added safety.

This incident underscores the irony of security tools becoming vulnerabilities, highlighting the need for automatic updates in hosting environments.

Imunify reports no customer impacts, but admins should monitor logs for anomalies and ensure patches are applied promptly to safeguard against potential zero-day abuse.

Varshini
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging threats and technologies.
