CVE-2025-64050

Published November 25th, 2025

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

N/A

Affected

PROJECTS

Description

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.

redaxo/core

REDAXO, a PHP-based CMS since 2004. Both simple and flexible.

GitHub

348

vettrivel007/CVE-Disclosures

A repository documenting security vulnerabilities discovered in Free and Open Source Software (FOSS) by VETTRIVEL U

GitHub