How severe is CVE-2025-52122?

CVE-2025-52122 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-52122

Name: freeform
Author: solspace

9.8CRITICAL

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editin

Publicado: 8/27/2025Actualizado: 9/9/2025

Descripción

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).

Análisis IAImpulsado por IA

Productos Afectados

solspacefreeform

Referencias

https://github.com/TimTrademark/CVE-2025-52122
ExploitThird Party Advisory
https://github.com/TimTrademark/CVE-CraftCMS-Freeform
ExploitThird Party Advisory