CVE-2025-14731

Description

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

CVSS v3.1 Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weakness Type (CWE)

CWE-791 CWE-791

CWE-1336 CWE-1336

Affected Products

Vendor	Product	Versions
ctcms_project	ctcms	< 2.1.2

References

Exploits

https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN https://note-hxlab.wetolink.com/share/U6cnRoRfn09r https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN https://note-hxlab.wetolink.com/share/U6cnRoRfn09r

Other References

https://vuldb.com/?ctiid.336488 https://vuldb.com/?id.336488 https://vuldb.com/?submit.707106 https://vuldb.com/?submit.707107

Frequently Asked Questions

What is CVE-2025-14731? +

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. It has a CVSS v3.1 base score of 6.3 (MEDIUM).

How severe is CVE-2025-14731? +

CVE-2025-14731 has a CVSS v3.1 score of 6.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-14731? +

CVE-2025-14731 affects products from ctcms_project, specifically: ctcms. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-14731? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-44232

DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, …

CVE-2024-45481

An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an …

CVE-2025-0324 9.4

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

CVE-2024-47590 8.8

An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on …

CVE-2024-27489 7.5

An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.

CVE-2026-7164 7.5

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. …