CVE-2025-47916
CRITICALDescription
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| invisioncommunity | invisioncommunity |
References
Frequently Asked Questions
What is CVE-2025-47916? +
How severe is CVE-2025-47916? +
What products are affected by CVE-2025-47916? +
How do I check if I'm vulnerable to CVE-2025-47916? +
Related Vulnerabilities
An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to …
Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint …
Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with …
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an …
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to …
Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An …