CVE-2025-34292 — Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize(): the POS — CVE Database · The Intelligence Room