PT-2025-45052 · Xibo · Xibo
Published 2025-11-04 · Updated 2025-12-08 · CVE-2025-62369
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Xibo versions 4.3.0 and below
Description
Xibo is a digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution issue in the CMS Developer menu’s Module Templating functionality. Authenticated users with “System -> Add/Edit custom modules and templates” permissions can manipulate Twig filters and execute arbitrary server-side functions as the web server user.
Recommendations
Update to version 4.3.1.
Apply the 4.1 and 4.2 patch commits as a workaround.
Exploit
Fix
RCE
Code Injection
Related Identifiers
Affected Products
Xibo