CVE-2025-53833

Published Jul 14, 2025

Last updated 2 days ago

LaRecipe

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-53833 is a Server-Side Template Injection (SSTI) vulnerability affecting LaRecipe, a documentation generator tool for Laravel applications. Versions prior to 2.8.1 are vulnerable. The vulnerability stems from improper input validation in LaRecipe's template processing system, which allows attackers to inject malicious code into server-side templates. Successful exploitation of this vulnerability could lead to Remote Code Execution (RCE). An attacker could execute arbitrary commands on the server, access sensitive environment variables, and potentially escalate privileges. It is recommended that users upgrade to version 2.8.1 or later to patch this flaw.

Description: LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-1336

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 30

References