CVE-2025-52122
9.8CRITICALFreeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editin
Опубликовано: 8/27/2025Обновлено: 9/9/2025
Описание
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).
ИИ-АнализНа базе ИИ
Затронутые продукты
solspacefreeform
Ссылки
- https://github.com/TimTrademark/CVE-2025-52122ExploitThird Party Advisory
- https://github.com/TimTrademark/CVE-CraftCMS-FreeformExploitThird Party Advisory