CVE-2025-57811

MEDIUM
2025-08-25 [email protected]
6.1
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:08 vuln.today
Patch Released
Mar 28, 2026 - 19:08 nvd
Patch available
CVE Published
Aug 25, 2025 - 18:15 nvd
MEDIUM 6.1

Tags

RCE Ssti Craft Cms

Description

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in versions 4.16.6 and 5.8.7.

Analysis

Craft is a platform for creating digital experiences. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

Technical Context

This vulnerability is classified under CWE-1336. Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in versions 4.16.6 and 5.8.7. Affected products include: Craftcms Craft Cms.

Affected Products

Craftcms Craft Cms.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

31
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +30
POC: 0

Share

CVE-2025-57811 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy