CVE-2025-53833

Published Jul 14, 2025

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-53833 is a Server-Side Template Injection (SSTI) vulnerability affecting LaRecipe, a documentation generator tool for Laravel applications. Versions prior to 2.8.1 are vulnerable. The vulnerability stems from improper input validation in LaRecipe's template processing system, which allows attackers to inject malicious code into server-side templates. Successful exploitation of this vulnerability could lead to Remote Code Execution (RCE). An attacker could execute arbitrary commands on the server, access sensitive environment variables, and potentially escalate privileges. It is recommended that users upgrade to version 2.8.1 or later to patch this flaw.

Description
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-1336

Social media

Hype score
Not currently trending
  1. Upcoming CVE & Bug Bounty POC Breakdowns I’ve been working on detailed breakdowns of some new vulnerabilities: CVE-2025-0133 : XSS CVE-2025-53833 : SSTI CVE-2025-30208 : Local File Inclusion All videos will premiere soon on YouTube. 🔗 Watch here: https://t.co/7Rb8lWD

    @h4x0r_fr34k

    11 Sept 2025

    678 Impressions

    2 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. Upcoming CVE & Bug Bounty POC Breakdowns I’ve been working on detailed breakdowns of some new vulnerabilities: CVE-2025-0133 : XSS (Citrix Logout XSS) CVE-2025-53833 : SSTI CVE-2025-30208 : Local File Inclusion All videos will premiere soon on YouTube. 🔗 Watch here: h

    @h4x0r_fr34k

    11 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #VulnerabilityReport #CVE202553833 CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps https://t.co/rBMZtVk79r

    @Komodosec

    21 Aug 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 From Cloudflare Security Research Analysts 🚨 Fresh CVEs patched for Cloudflare WAF customers: 🔐 Sitecore (CVE-2025-34509/10/11): RCE via hardcoded creds + file upload 🧪 Grafana (CVE-2025-4123): XSS → malicious redirect ⚙️ LaRecipe (CVE-2025-53833): SSTI

    @Cloudflare

    5 Aug 2025

    7907 Impressions

    16 Retweets

    61 Likes

    12 Bookmarks

    2 Replies

    0 Quotes

  5. 🚨 CVE-2025-53833 - critical 🚨 LaRecipe < 2.8.1 Remote Code Execution via SSTI > LaRecipe is an application that allows users to create documentation with Markdown in... 👾 https://t.co/cjchsIgAHX @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    16 Jul 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #CVE-2025-53833 挺直给的一个漏洞,直接官方demo即可快速复现,步骤见图1,和grok协同搞了个漏洞分析报告,见图2. 题外话,没看懂360这个复现。 https://t.co/biFhpnNPKe https://t.co/qvKlu815wF

    @_r00tuser

    16 Jul 2025

    1952 Impressions

    8 Retweets

    28 Likes

    13 Bookmarks

    2 Replies

    0 Quotes

  7. Standout vuln: LaRecipe hit with a CVSS 10 SSTI (CVE-2025-53833). Critical for dev teams—patch ASAP! Full rundown in today’s brief: https://t.co/Ykh4Hv37ol #CVE #infosec #cybersecurity

    @BriefCve27259

    15 Jul 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Could YOUR server be hacked today? 🚨🚨CVE-2025-53833 (CVSS: 10) reveals a critical Server-Side Template Injection (SSTI) in LaRecipe, allowing RCE! Attackers can run any command, steal sensitive data, or take over servers. Search by vul.cve Filter👉vul.cve="CVE-2025-538

    @zoomeye_team

    15 Jul 2025

    2043 Impressions

    9 Retweets

    22 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  9. Today's CVE Brief: 74 new vulns in 24hrs 12 CISA KEV—review & patch ASAP CVSS 10: LaRecipe SSTI (CVE-2025-53833) Critical LB-LINK router & Hgiga RCE flaws 80+ analyst insights More: https://t.co/Ykh4Hv37ol #CVE #infosec #cybersecurity

    @BriefCve27259

    15 Jul 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. ⚠️⚠️ CVE-2025-53833(CVSS 10)Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps 🎯4.5m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/0mNG7zEb1P FOFA Query:app="Laravel-Framework" 🔖Refer:https://t.co/xUdOn

    @fofabot

    15 Jul 2025

    8728 Impressions

    34 Retweets

    113 Likes

    53 Bookmarks

    1 Reply

    1 Quote

  11. 🚨Alert🚨 CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps 📊8.8M Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/4rxrUNGeBY 👇Query HUNTER : https://t.co/q9rtuGfZuz="Laravel" https://t.co/q

    @HunterMapping

    15 Jul 2025

    3012 Impressions

    13 Retweets

    38 Likes

    19 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-53833 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Templat… https://t.co/ipNf7ahs8i

    @CVEnew

    14 Jul 2025

    552 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes