← back
CVE-2025-64050

CVE-2025-64050

CVSS 7.2 HIGHEPSS 0.8%CWE-94
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
25 Nov 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a