CVE-2025-71243
Published Feb 19, 2026
Last updated 2 months ago
- Description
- The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- saisies
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-94
- Hype score
- Not currently trending
π #CyberSecurity Defending Against CVE-2025-71243 and Emerging Linux Evasion Techniques "In the cybersecurity landscape, tools used by penetration testers often provideβ¦" π https://t.co/C9hOZNJOGs #CyberSecurity #ThreatIntel #penetrationtesting #redteam #offensivesecu
@SecurityAr58409
15 Apr 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
No bad luck here! π The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0! Read the full details: https://t.co/TxoVyZhSiU #Metasploit
@metasploit
13 Mar 2026
2467 Impressions
6 Retweets
24 Likes
7 Bookmarks
0 Replies
0 Quotes
π¨ CVE-2025-71243 - critical π¨ SPIP Saisies - Remote Code Execution > SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution caused by a... πΎ https://t.co/IWVajUjb0F @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
11 Mar 2026
217 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
After reversing CVE-2025-71243 in SPIP's Saisies plugin, I audited other SPIP plugins for the same template injection pattern. Found 5 more vulnerabilities across 4 plugins - same eval() chain, different entry points. Low-adoption plugins, but the patterns are worth documenting.
@Chocapikk_
25 Feb 2026
1596 Impressions
5 Retweets
21 Likes
8 Bookmarks
0 Replies
0 Quotes
CVE-2025-71243 Remote Code Execution Vulnerability in SPIP Saisies Plugin 5.4.0-5.11.0 https://t.co/WVDrZtHrfp
@VulmonFeeds
19 Feb 2026
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-71243 - SPIP Saisies Plugin RCE Advisory dropped today, PoC ready 30 minutes later. Full AI-assisted reversal from patch diff to confirmed RCE. Same exploitation pattern as CVE-2023-27372 - unsanitized input into SPIP's template engine with interdire_scripts=false. Two
@Chocapikk_
19 Feb 2026
1621 Impressions
4 Retweets
21 Likes
3 Bookmarks
2 Replies
0 Quotes
CVE-2025-71243 - SPIP Saisies Plugin RCE Advisory dropped today, PoC ready 30 minutes later. Full AI-assisted reversal from patch diff to confirmed RCE. Same exploitation pattern as CVE-2023-27372 - unsanitized input into SPIP's template engine with interdire_scripts=false. Two
@Chocapikk_
19 Feb 2026
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-71243 - SPIP Saisies Plugin RCE Advisory dropped today, PoC ready 30 minutes later. Full AI-assisted reversal from patch diff to confirmed RCE. Same exploitation pattern as CVE-2023-27372 - unsanitized input into SPIP's template engine with interdire_scripts=false. Two
@Chocapikk_
19 Feb 2026
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π΄ CVE-2025-71243 - Critical The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerabi... https://t.co/mpwZ2WXI0H https://t.co/hDv5Eay78p
@TheHackerWire
19 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:spip:saisies:*:*:*:*:*:spip:*:*",
"matchCriteriaId": "A0CC0626-A012-4C8C-971A-C880F5EBDAA6",
"versionEndExcluding": "5.11.1",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]