In March 2025, 1C-Bitrix released a new version of the Virtual Machine, 9.0.6. The key change in this update is a fix for a critical vulnerability that allowed the bitrix user to escalate its privileges to root. The vulnerability was rated 8.0 on the CVSS scale.
Everyone using the 1C-Bitrix Virtual Machine in their projects is strongly advised to upgrade to the latest version. Staying on an outdated version is unsafe: it increases the likelihood of data compromise and may negatively affect the stability of the system.
How to check the installed Virtual Machine version
Users of the on-premise editions of “1C-Bitrix: Site Manager” and “1C-Bitrix24” running on the VMBitrix platform can easily verify which VM version is installed in their environment.
To do this, you need to:
- Open the administrative panel:
  Administration → Settings → Tools → Diagnostics → PHP Command Line
- Execute the following command:
  echo getenv('BITRIX_VA_VER');
After running the command, the system will display the installed version of the Virtual Machine.
1C-Bitrix strengthens cybersecurity measures
The company’s products undergo independent testing by cybersecurity specialists — so-called “white-hat hackers” — who help identify potential vulnerabilities before attackers can exploit them.
All detected vulnerabilities are promptly reported on the official website and in the company’s Telegram channel.
At the moment, no attempts to exploit the vulnerability fixed in version 9.0.6 have been detected. Nevertheless, the company warns: to ensure reliable data protection, all components of the environment must be kept up to date.
Do not postpone the update. Keeping your system current is the key to the stability and security of your project.