PT-2026-20848 · Spip · Spip

Dorian Piette · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-71250

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SPIP versions prior to 4.4.9

Description

SPIP versions prior to 4.4.9 contain an insecure deserialization flaw. This issue affects the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content can trigger arbitrary object instantiation and potentially achieve remote code execution. The use of serialized data in these components has been deprecated and will be removed in SPIP 5.

Recommendations

Update to SPIP version 4.4.9 or later.

Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers: CVE-2025-71250

Affected Products: Spip