CVE-2025-14731

Exploit

EPSS 0.38%
Veröffentlicht 15.12.2025 23:32:09
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

CTCMS Content Management System Frontend/Template Management CT_Parser.php special elements used in a template engine

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ctcms Project ≫ Ctcms Version <= 2.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.294

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

CWE-791 Incomplete Filtering of Special Elements

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

https://vuldb.com/?id.336488

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.336488

VDB Entry

Permissions Required

https://vuldb.com/?submit.707106

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.707107

Third Party Advisory

VDB Entry

https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN

Third Party Advisory

Exploit

https://note-hxlab.wetolink.com/share/U6cnRoRfn09r

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-14731

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14731

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14731

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-14731