To protect your development environment, you should immediately update to a patched version. The Apache Friends team released fixes starting with version and newer.
: While patched in later sub-versions, earlier releases in the 7.4.x branch allowed unprivileged users to modify the xampp-control.ini file. By changing the default editor path to a malicious executable, an attacker could achieve Remote Code Execution (RCE) or privilege escalation when an administrator interacts with the control panel. xampp for windows 7429 exploit link
While XAMPP version for Windows is a relatively stable release from 2022, it is susceptible to several critical vulnerabilities that affect the underlying components (PHP, Apache, MariaDB) or the XAMPP control panel itself. To protect your development environment