VYPR
High severityNVD Advisory· Published Nov 25, 2025· Updated Nov 25, 2025

CVE-2025-64050

CVE-2025-64050

Description

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
redaxo/sourcePackagist
< 5.20.15.20.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.

CVE-2025-64050 · high · VYPR