CVE-2025-14731
MEDIUMDescription
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
Is your site exposed to CVE-2025-14731?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ctcms_project | ctcms |
References
Exploits
Frequently Asked Questions
What is CVE-2025-14731? +
How severe is CVE-2025-14731? +
What products are affected by CVE-2025-14731? +
How do I check if I'm vulnerable to CVE-2025-14731? +
Related Vulnerabilities
An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an …
DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, …
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on …
A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead …
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.