CTCMS Content Management System CVE-2025-14731

LOW
Incomplete Filtering of Special Elements (CWE-791)
2025-12-16 cna@vuldb.com
2.1 (CVSS 4.0)

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 29, 2026 - 01:37 vuln.today

Description (NVD)

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

Analysis (AI)

Template injection in CTCMS up to version 2.1.2 allows authenticated remote attackers to bypass template engine protections via improper neutralization of special elements in the Frontend/Template Management Module. The vulnerability affects the CT_Parser.php library and enables information disclosure with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS exploitation probability remains low at 0.09% (26th percentile), suggesting limited real-world weaponization despite POC availability.

Technical Context (AI)

CTCMS is a PHP-based content management system that processes user-supplied template code through the CT_Parser.php library without proper sanitization. The vulnerability is classified as CWE-791 (Incomplete Filtering of Special Elements) and is described as improper neutralization of special elements used in a template engine: a server-side template injection (SSTI) flaw that permits attackers to inject arbitrary template directives. Template engines like those commonly used in PHP CMS platforms interpret special syntax (e.g., {{ }}, {% %}) to render dynamic content; insufficient neutralization allows bypass of intended access controls. The affected component (Frontend/Template Management Module) suggests the vulnerability exists in template rendering functionality accessible to authenticated users managing site content.

Remediation (AI)

Upgrade CTCMS to a version newer than 2.1.2 if one is available from the project. If an immediate upgrade is not feasible, restrict access to the Frontend/Template Management Module (which uses the CT_Parser.php library) to trusted administrative users via web application firewall rules or network segmentation, so that the low-privilege (PR:L) access the attack requires is held only by trusted roles. Disable the template engine's dynamic evaluation features if the application design permits a static-template-only deployment. Harden input validation on template syntax to reject special characters and template directives ({{ }}, {% %}, etc.) before they reach the parser. Monitor template rendering logs for suspicious directive patterns. These compensating controls trade convenience (dynamic templates) for security while patching is delayed.
