CVE-2025-54815

High CVSS: 8.8

Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.

Vendor

Product

CWE

Yayın Tarihi

2025-09-19 20:15:39

Güncelleme

2025-09-25 19:33:57

Source Identifier

cve@mitre.org

KEV Date Added

CWE-94 Ppress HIGH Yandaozi 2025

https://github.com/quarter77/PPress-CMS_vulnerability_chain_details/blob/main/CVE-2025-54815%20Details.md https://github.com/yandaozi/PPress/releases/tag/v0.0.9-beta

High

CVE-2025-52159

Hardcoded credentials in default configuration of PPress 0.0.9.

High

CVE-2025-54761

An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.

Medium

CVE-2025-25973

A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote a…