High severityNVD Advisory· Published Nov 25, 2025· Updated Nov 25, 2025
CVE-2025-64050
CVE-2025-64050
Description
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
redaxo/sourcePackagist | < 5.20.1 | 5.20.1 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-xj9j-gjxg-7jvqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-64050ghsaADVISORY
- drive.google.com/drive/folders/1Via4r4wn5zCcBllWmHpxYweCPgcbN0bzghsaWEB
- github.com/redaxo/redaxo/pull/6372/commits/bc96462e20f7e651b2e6c3bb59d141d5cb09af0fghsaWEB
- github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64050.mdghsaWEB
News mentions
0No linked articles in our index yet.