CNNVD-202508-2925 Information

CNNVD ID

CNNVD-202508-2925

Related CVE

CVE-2025-57811

• CNNVD Published: 2025-08-25

Description (Chinese)

CraftCMS是CraftCMS公司的一个内容管理系统。 CraftCMS 4.0.0-RC1至4.16.5版本和5.0.0-RC1至5.8.6版本存在安全漏洞，该漏洞源于Twig SSTI可能导致远程代码执行。

Description (English)

CraftCMS is a content management system for CraftCMS. There is a security loophole in CraftCMS Versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, which originates from Twig SSTI and may result in remote code implementation.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

CraftCMS

Published

2025-08-25

Last Modified

2026-02-24

References

https://github.com/craftcms/cms/security/advisories/GHSA-crcq-738g-pqvc https://github.com/craftcms/cms/pull/17612 https://github.com/craftcms/cms/commit/e77f8a287dcdda41f1724f525d03542f18566cbc https://nvd.nist.gov/vuln/detail/CVE-2025-57811

Patch

https://github.com/craftcms/cms/releases