How severe is CVE-2025-52122?

CVE-2025-52122 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-52122

Name: freeform
Author: solspace

9.8CRITICAL

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editin

发布于: 8/27/2025更新于: 9/9/2025

描述

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).

AI分析AI驱动

受影响产品

solspacefreeform

参考资料

https://github.com/TimTrademark/CVE-2025-52122
ExploitThird Party Advisory
https://github.com/TimTrademark/CVE-CraftCMS-Freeform
ExploitThird Party Advisory