exploitDog

CVE-2025-54815

Опубликовано: 19 сент. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.

Ссылки

https://github.com/quarter77/PPress-CMS_vulnerability_chain_details/blob/main/CVE-2025-54815%20Details.md
Exploit
Third Party Advisory
https://github.com/yandaozi/PPress/releases/tag/v0.0.9-beta
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yandaozi:ppress:0.0.9:beta:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00114

Низкий

8.8 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-8xrg-qhp8-h7wh

CVSS3: 8.8

github

5 месяцев назад

Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.

EPSS

Процентиль: 31%

0.00114

Низкий

8.8 High

CVSS3

Дефекты

CWE-94