PT-2025-48038 · Redaxo · Redaxo Cms
Published: 2025-11-25 · Updated: 2025-11-30 · CVE-2025-64050
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
REDAXO CMS version 5.20.0
Description
A Remote Code Execution (RCE) issue exists in the template management component of REDAXO CMS. A remote, authenticated administrator can execute arbitrary operating system commands by injecting PHP code into an active template. The injected code is executed when visitors access frontend pages that use the compromised template.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
RCE
Code Injection
Affected Products
Redaxo Cms