CVE-2025-64050

High CVSS: 7.2

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.

Vendor

Redaxo

Product

Redaxo

CWE

CWE-94

Yayın Tarihi

2025-11-25 16:16:07

Güncelleme

2025-12-03 17:06:43

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Redaxo HIGH Redaxo 2025

Referanslar

https://drive.google.com/drive/folders/1Via4r4wn5zCcBllWmHpxYweCPgcbN0bz?usp=sharing https://github.com/redaxo/redaxo https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64050.md

Benzer Kayıtlar

High

CVE-2026-21857

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions ca…

Medium

CVE-2025-66026

REDAXO is a PHP-based CMS. Prior to version 5.20.1, a reflected Cross-Site Scripting (XSS) vulnerability exists in the M…

Medium

CVE-2025-64049

A stored cross-site scripting (XSS) vulnerability in the module management component in REDAXO CMS 5.20.0 allows remote…

Medium

CVE-2025-27411

REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. Thi…

Medium

CVE-2025-27412

REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected…

High

CVE-2024-46210

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitra…