Cybersecurity Vulnerabilities

Critical RCE Vulnerability Plagues REDAXO CMS: CVE-2025-64050 Exploitable by Admins

November 25, 2025 - By 

Overview

A high-severity Remote Code Execution (RCE) vulnerability, identified as CVE-2025-64050, has been discovered in REDAXO CMS version 5.20.0. This vulnerability allows authenticated administrators to execute arbitrary operating system commands by injecting malicious PHP code into an active template. The injected code is then executed whenever a visitor accesses a frontend page using the compromised template.

Technical Details

The vulnerability resides within the template management component of REDAXO CMS. An authenticated administrator can modify a template, injecting PHP code within the template’s source. This code is then parsed and executed by the server when the template is rendered for frontend users. The exploitation requires administrative privileges, but successful exploitation grants the attacker full control over the underlying server.

The injection point is the template content itself. By crafting a malicious template containing PHP code (e.g., using ``), an attacker can execute arbitrary commands on the server. The payload will execute when a user requests a page using that infected template.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-64050 is 7.2 (HIGH).

  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality Impact (C): High (H)
  • Integrity Impact (I): High (H)
  • Availability Impact (A): High (H)

This score reflects the high impact of the vulnerability, as it allows for complete system compromise.

Possible Impact

Successful exploitation of CVE-2025-64050 can lead to severe consequences, including:

  • Complete System Compromise: Attackers can gain full control of the server, allowing them to modify files, install malware, and access sensitive data.
  • Data Breach: Sensitive data stored on the server, including user credentials and database information, can be compromised.
  • Website Defacement: Attackers can modify the website’s content, causing reputational damage.
  • Denial of Service (DoS): Attackers can disrupt website operations by crashing the server or flooding it with requests.

Mitigation and Patch Steps

To mitigate the risk posed by CVE-2025-64050, the following steps are recommended:

  1. Upgrade REDAXO CMS: Upgrade to a patched version of REDAXO CMS as soon as it becomes available. Check the official REDAXO website for updates.
  2. Restrict Administrator Access: Limit the number of users with administrative privileges to only those who absolutely require them.
  3. Regular Security Audits: Perform regular security audits of your REDAXO CMS installation to identify and address potential vulnerabilities.
  4. Web Application Firewall (WAF): Implement a Web Application Firewall (WAF) with rules to detect and block attempts to inject malicious code into templates.
  5. Input Validation: Even though this vulnerability requires administrative access, enforce strict input validation and sanitization for all user-supplied data, including template content.

References

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *