CVE-2025-64050
HIGH 7.2 | EPSS 0.58%
REDAXO CMS is vulnerable to RCE attack through its template management component
Published: 2025/11/25 | Modified: 2025/11/26
Description
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.
Affected packages (1)
- Packagist/redaxo/source: from 0, < 5.20.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-64050
- PATCH: https://github.com/redaxo/redaxo
- WEB: https://drive.google.com/drive/folders/1Via4r4wn5zCcBllWmHpxYweCPgcbN0bz?usp=sharing
- WEB: https://github.com/redaxo/redaxo/pull/6372/commits/bc96462e20f7e651b2e6c3bb59d141d5cb09af0f
- WEB: https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64050.md