- Description
- A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- redaxo
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-94
- Hype score
- Not currently trending
CVE-2025-64050 (CVSS:7.2, HIGH) is Undergoing Analysis. A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote auth..https://t.co/YXX5xQspPh #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
30 Nov 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ๐ #CyberAlert: CVE-2025-64050 is making waves! ๐ A critical RCE vulnerability in #REDAXO CMS 5.20.0 allows admin-level attackers to inject PHP code via templates, executing commands on site visitors. Patch urgently to protect your sites! ๐ง๐ก๏ธ #CyberSec #Infosec #
@SecAideInfo
28 Nov 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-64050 A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary โฆ https://t.co/LGP8sarr48
@CVEnew
25 Nov 2025
234 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redaxo:redaxo:5.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "925CD38C-2DA9-4440-AED4-EFBE03160E71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]