Craft Cms · Freeforum · CVE-2025-52122
Name of the Vulnerable Software and Affected Versions:
Freeform versions 5.0.0 through 5.10.16
Description:
The Freeform plugin for CraftCMS contains a Server-side template injection (SSTI) vulnerability. This allows for arbitrary code injection for users with permission to edit a form submission title.
Recommendations:
Update Freeform to version 5.10.16 or later.