CVE-2025-47916

Published May 16, 2025

Last updated 9 months ago

CVSS critical 10.0

Overview

Description
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
Source
cve@mitre.org
NVD status
Analyzed
Products
invisioncommunity

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-1336
nvd@nist.gov
CWE-94

Social media

Hype score
Not currently trending

  1. Critical flaw in #Fedora41’s MinGW Python Requests (CVE-2025-47916db6c7) exposes systems to RCE. Patch immediately: ✅ sudo dnf update mingw-python-requests ✅ Audit CI/CD pipelines Read more: 👉https://t.co/97YIpjwIOo #Linux #Infosec https://t.co/L

    @Cezar_H_Linux

    14 Jul 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-47916] Invision Community <= 5.0.6 (customCss) Remote Code Execution https://t.co/gcdOzBoHtt

    @_r_netsec

    23 May 2025

    917 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚀 I just released a new Metasploit module for Invision Community ≤ 5.0.6 (CVE-2025-47916)! 🔗 PR: https://t.co/VdTETvQXlS https://t.co/tg5a9OucOU

    @Chocapikk_

    20 May 2025

    4459 Impressions

    32 Retweets

    99 Likes

    21 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-47916 Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (… https://t.co/viCbBWayEs

    @CVEnew

    17 May 2025

    284 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-47916] Invision Community <= 5.0.6 (customCss) Remote Code Execution https://t.co/gcdOzBpfj1

    @_r_netsec

    14 May 2025

    750 Impressions

    2 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.CVE-2024-30163

References

Sources include official advisories and independent security research.