AI description
CVE-2025-71243 describes a Remote Code Execution (RCE) vulnerability found in the 'Saisies pour formulaire' plugin for SPIP. This flaw impacts versions 5.4.0 through 5.11.0 of the plugin. The vulnerability allows an attacker to execute arbitrary code on the affected server. This is due to improper control over code generation within the plugin, which enables the injection of malicious code. Exploitation of this vulnerability does not require authentication or user interaction. To mitigate this issue, users are advised to update the 'Saisies pour formulaire' plugin to version 5.11.1 or later.
- Description
- The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-94
- Hype score
- Not currently trending
CVE-2025-71243 Remote Code Execution Vulnerability in SPIP Saisies Plugin 5.4.0-5.11.0 https://t.co/WVDrZtHrfp
@VulmonFeeds
19 Feb 2026
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-71243 - SPIP Saisies Plugin RCE Advisory dropped today, PoC ready 30 minutes later. Full AI-assisted reversal from patch diff to confirmed RCE. Same exploitation pattern as CVE-2023-27372 - unsanitized input into SPIP's template engine with interdire_scripts=false. Two
@Chocapikk_
19 Feb 2026
1621 Impressions
4 Retweets
21 Likes
3 Bookmarks
2 Replies
0 Quotes
CVE-2025-71243 - SPIP Saisies Plugin RCE Advisory dropped today, PoC ready 30 minutes later. Full AI-assisted reversal from patch diff to confirmed RCE. Same exploitation pattern as CVE-2023-27372 - unsanitized input into SPIP's template engine with interdire_scripts=false. Two
@Chocapikk_
19 Feb 2026
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-71243 - SPIP Saisies Plugin RCE Advisory dropped today, PoC ready 30 minutes later. Full AI-assisted reversal from patch diff to confirmed RCE. Same exploitation pattern as CVE-2023-27372 - unsanitized input into SPIP's template engine with interdire_scripts=false. Two
@Chocapikk_
19 Feb 2026
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-71243 - Critical The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerabi... https://t.co/mpwZ2WXI0H https://t.co/hDv5Eay78p
@TheHackerWire
19 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes