PT-2025-29522 · Larecipe · Larecipe

Saleem-Hadad · Published 2025-07-14 · Updated 2025-09-11 · CVE-2025-53833

CVSS v3.1: 10 (Critical), AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LaRecipe versions prior to 2.8.1

Description

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. The vulnerability allows attackers to inject malicious code through templates, potentially executing arbitrary PHP code due to the use of the eval() function without proper validation. Approximately 4.5 million results were found on one search engine, and 8.8 million services are estimated to be affected yearly.

Recommendations

Upgrade to version 2.8.1 or later.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-53833
GHSA-JV7X-XHV2-P5V2

Affected Products

Larecipe