CVE-2025-24374 Information

Description

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.

Reference

https://github.com/twigphp/Twig/commit/38576b12f05df3cc871bf68f39ccb46b418334a3
https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr
