CVE-2025-65271

EPSS 0.08%
Veröffentlicht 08.12.2025 00:00:00
Zuletzt bearbeitet 12.12.2025 15:11:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Azuriom ≫ Azuriom Version < 1.2.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.233

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://github.com/Azuriom/Azuriom

Product

https://www.github.com/Azuriom/Azuriom

Product

https://github.com/Azuriom/Azuriom/commit/0289175547319add814dcb526e8ba034f1ebc3ec

Patch

https://www.github.com/Azuriom/Azuriom/commit/0289175547319add814dcb526e8ba034f1ebc3ec

Patch

https://github.com/1337Skid/CVE-2025-65271

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-65271

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-65271

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-65271

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-65271