How severe is CVE-2025-60355?

CVE-2025-60355 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-60355

Name: oneblog
Author: zhyd

9.8CRITICAL

Veröffentlicht: 10/28/2025Aktualisiert: 1/8/2026

zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

zhydoneblog

https://github.com/line2222/vuln/issues/4
ExploitIssue TrackingThird Party Advisory