High severity 8.0 · OSV Advisory · Published Oct 30, 2025 · Updated Apr 15, 2026
CVE-2025-64112
Description
Statamic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fixed in 5.22.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| statamic/cms (Packagist) | < 5.22.1 | 5.22.1 |
References
- github.com/advisories/GHSA-g59r-24g3-h7cm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-64112 (ghsa, ADVISORY)
- github.com/statamic/cms/commit/e513751f433679ce698606e20c554a0c839987c1 (nvd, WEB)
- github.com/statamic/cms/releases/tag/v5.22.1 (ghsa, WEB)
- github.com/statamic/cms/security/advisories/GHSA-g59r-24g3-h7cm (nvd, WEB)