How severe is CVE-2025-52122?

CVE-2025-52122 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-52122

Name: freeform
Author: solspace

9.8CRITICAL

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editin

Published: 8/27/2025Updated: 9/9/2025

Description

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).

AI AnalysisPowered by AI

Affected Products

solspacefreeform

References

https://github.com/TimTrademark/CVE-2025-52122
ExploitThird Party Advisory
https://github.com/TimTrademark/CVE-CraftCMS-Freeform
ExploitThird Party Advisory