How severe is CVE-2025-52122?

CVE-2025-52122 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-52122

Name: freeform
Author: solspace

9.8CRITICAL

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editin

Veröffentlicht: 8/27/2025Aktualisiert: 9/9/2025

Beschreibung

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).

KI-AnalyseKI-gestützt

Betroffene Produkte

solspacefreeform

Referenzen

https://github.com/TimTrademark/CVE-2025-52122
ExploitThird Party Advisory
https://github.com/TimTrademark/CVE-CraftCMS-Freeform
ExploitThird Party Advisory