CVE-2025-32461

Published Apr 9, 2025

Last updated 3 months ago

CVSS critical 9.9

Overview

Description
wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-1336

Social media

Hype score
Not currently trending

  1. CVE-2025-32461 (CVSS:9.9, CRITICAL) is Awaiting Analysis. wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The..https://t.co/DdLXblevtN #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    14 Apr 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. πŸ”΄ Critical security flaw (CVE-2025-32461) in Tiki CMS allows remote code execution via template injection. Affects versions prior to 28.3. Learn how to protect your systems now: https://t.co/AgglDubqEj #CVE2025 #CyberSecurity #TikiCMS #Infosec

    @threatsbank

    10 Apr 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-32461 βš οΈπŸ”΄ CRITICAL (9.9) 🏒 Tiki - Tiki πŸ—οΈ 0 πŸ”— https://t.co/JbnJBDxdXO πŸ”— https://t.co/48OjqaGeUU πŸ”— https://t.co/CvXtoltNlk πŸ”— https://t.co/6D4styQekg πŸ”— https://t.co/DwwfGUQa5A πŸ”— https://t.co/t6OE4zfjhr πŸ”— https://t.co/vnhBWTUsNT #CyberCron #VulnAlert #InfoSec h

    @cybercronai

    9 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.