AI description
CVE-2025-53833 is a Server-Side Template Injection (SSTI) vulnerability affecting LaRecipe, a documentation generator tool for Laravel applications. Versions prior to 2.8.1 are vulnerable. The vulnerability stems from improper input validation in LaRecipe's template processing system, which allows attackers to inject malicious code into server-side templates. Successful exploitation of this vulnerability could lead to Remote Code Execution (RCE). An attacker could execute arbitrary commands on the server, access sensitive environment variables, and potentially escalate privileges. It is recommended that users upgrade to version 2.8.1 or later to patch this flaw.
- Description: LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security-advisories@github.com: CWE-1336
- Hype score: Not currently trending
Upcoming CVE & Bug Bounty POC Breakdowns I’ve been working on detailed breakdowns of some new vulnerabilities: CVE-2025-0133 : XSS CVE-2025-53833 : SSTI CVE-2025-30208 : Local File Inclusion All videos will premiere soon on YouTube. 🔗 Watch here: https://t.co/7Rb8lWD
@h4x0r_fr34k
11 Sept 2025
678 Impressions
2 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Upcoming CVE & Bug Bounty POC Breakdowns I’ve been working on detailed breakdowns of some new vulnerabilities: CVE-2025-0133 : XSS (Citrix Logout XSS) CVE-2025-53833 : SSTI CVE-2025-30208 : Local File Inclusion All videos will premiere soon on YouTube. 🔗 Watch here: h
@h4x0r_fr34k
11 Sept 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#VulnerabilityReport #CVE202553833 CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps https://t.co/rBMZtVk79r
@Komodosec
21 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 From Cloudflare Security Research Analysts 🚨 Fresh CVEs patched for Cloudflare WAF customers: 🔐 Sitecore (CVE-2025-34509/10/11): RCE via hardcoded creds + file upload 🧪 Grafana (CVE-2025-4123): XSS → malicious redirect ⚙️ LaRecipe (CVE-2025-53833): SSTI
@Cloudflare
5 Aug 2025
7907 Impressions
16 Retweets
61 Likes
12 Bookmarks
2 Replies
0 Quotes
🚨 CVE-2025-53833 - critical 🚨 LaRecipe < 2.8.1 Remote Code Execution via SSTI > LaRecipe is an application that allows users to create documentation with Markdown in... 👾 https://t.co/cjchsIgAHX @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
16 Jul 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
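#CVE-2025-53833 A pretty straightforward vulnerability; it can be reproduced quickly using the official demo directly, steps in figure 1. I worked with Grok to put together a vulnerability analysis report, see figure 2. As an aside, I didn't understand 360's reproduction. https://t.co/biFhpnNPKe https://t.co/qvKlu815wF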
@_r00tuser
16 Jul 2025
1952 Impressions
8 Retweets
28 Likes
13 Bookmarks
2 Replies
0 Quotes
Standout vuln: LaRecipe hit with a CVSS 10 SSTI (CVE-2025-53833). Critical for dev teams—patch ASAP! Full rundown in today’s brief: https://t.co/Ykh4Hv37ol #CVE #infosec #cybersecurity
@BriefCve27259
15 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Could YOUR server be hacked today? 🚨🚨CVE-2025-53833 (CVSS: 10) reveals a critical Server-Side Template Injection (SSTI) in LaRecipe, allowing RCE! Attackers can run any command, steal sensitive data, or take over servers. Search by vul.cve Filter👉vul.cve="CVE-2025-538
@zoomeye_team
15 Jul 2025
2043 Impressions
9 Retweets
22 Likes
16 Bookmarks
0 Replies
0 Quotes
Today's CVE Brief: 74 new vulns in 24hrs 12 CISA KEV—review & patch ASAP CVSS 10: LaRecipe SSTI (CVE-2025-53833) Critical LB-LINK router & Hgiga RCE flaws 80+ analyst insights More: https://t.co/Ykh4Hv37ol #CVE #infosec #cybersecurity
@BriefCve27259
15 Jul 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-53833(CVSS 10)Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps 🎯4.5m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/0mNG7zEb1P FOFA Query:app="Laravel-Framework" 🔖Refer:https://t.co/xUdOn
@fofabot
15 Jul 2025
8728 Impressions
34 Retweets
113 Likes
53 Bookmarks
1 Reply
1 Quote
🚨Alert🚨 CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps 📊8.8M Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/4rxrUNGeBY 👇Query HUNTER : https://t.co/q9rtuGfZuz="Laravel" https://t.co/q
@HunterMapping
15 Jul 2025
3012 Impressions
13 Retweets
38 Likes
19 Bookmarks
0 Replies
0 Quotes
CVE-2025-53833 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Templat… https://t.co/ipNf7ahs8i
@CVEnew
14 Jul 2025
552 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes