A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
https://github.com/PrestaShop/PrestaShop
https://github.com/3em0/cve_repo/blob/main/preshop/CVE-2025-25692.md