CVE-2025-14731

6.3 MEDIUM

📋 TL;DR

This vulnerability in CTCMS Content Management System allows remote attackers to execute template injection attacks through improper input sanitization in the template engine. Attackers can potentially execute arbitrary code or manipulate template rendering. All users running CTCMS versions up to 2.1.2 are affected.

💻 Affected Systems

Products:
  • CTCMS Content Management System
Versions: Up to and including version 2.1.2
Operating Systems: All platforms running CTCMS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Frontend/Template Management Module via CT_Parser.php library

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Template injection allowing content manipulation, privilege escalation, or limited code execution within the application context.

🟢 If Mitigated

Limited impact with proper input validation and output encoding in place, potentially only causing template rendering errors.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available, and remote exploitation is possible without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a version beyond 2.1.2 if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation Enhancement (platforms: all)

Add strict input validation and output encoding for template variables

Modify CT_Parser.php to implement htmlspecialchars() or similar encoding for all template variables

Access Restriction (platforms: all)

Restrict access to template management functionality

Add authentication requirements to template editing endpoints
Implement IP whitelisting for admin functions

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block template injection patterns
  • Disable or restrict the Frontend/Template Management Module if not essential

🔍 How to Verify

Check if Vulnerable:

Check the CTCMS version in the admin panel or by examining version files. If the version is 2.1.2 or lower, the system is vulnerable.

Check Version:

Check /ctcms/version.txt or admin panel version display

Verify Fix Applied:

Test template injection attempts after implementing workarounds. Attempts should be blocked or properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual template file modifications
  • Suspicious POST requests to template endpoints
  • Error logs showing template parsing failures

Network Indicators:

  • HTTP requests containing template injection payloads to /ctcms/apps/libraries/CT_Parser.php

SIEM Query:

source="web_logs" AND (uri="/ctcms/apps/libraries/CT_Parser.php" OR uri="*template*") AND (payload="{{*" OR payload="{%*" OR payload="${*")
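
The same check can be run offline against raw access logs. The script below is an added example, not code from CTCMS or from this advisory's source. It assumes the Apache/Nginx "combined" log layout, percent-decodes the request target before matching (which the literal SIEM patterns do not do), and matches the markers anywhere in the query string. The sample lines, parameter names and every path other than CT_Parser.php are constructed.

```python
import re
from urllib.parse import unquote_plus

# Path and markers come from the advisory's network indicator and SIEM query.
PARSER_PATH = "/ctcms/apps/libraries/CT_Parser.php"
MARKERS = ("{{", "{%", "${")

# Assumption: Apache/Nginx "combined" access-log layout.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (%257B -> %7B -> {), with a bounded loop."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return a finding dict when URI and payload conditions both match, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable line: skip rather than guess
    target = decode_fully(m.group("target"))
    path, _, query = target.partition("?")
    uri_hit = path == PARSER_PATH or "template" in path.lower()
    markers = [t for t in MARKERS if t in query]
    if not (uri_hit and markers):
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"), "path": path,
            "status": m.group("status"), "markers": markers}

def scan(lines):
    return [f for f in map(scan_line, lines) if f]

# Constructed sample lines (not real traffic); "x" is a harmless placeholder.
SAMPLE = [
    '203.0.113.10 - - [12/Dec/2025:10:01:02 +0000] "GET /ctcms/apps/libraries/CT_Parser.php?tpl=%7B%7Bx%7D%7D HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.10 - - [12/Dec/2025:10:01:09 +0000] "POST /ctcms/admin/template/edit?name=%2524%257Bx%257D HTTP/1.1" 500 87 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Dec/2025:10:02:00 +0000] "GET /ctcms/index.php?q=%7B%25x%25%7D HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Dec/2025:10:02:05 +0000] "GET /ctcms/admin/template/list?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Combined-format access logs do not record POST bodies, so this only covers payloads carried in the URL; body inspection needs WAF or reverse-proxy request logging.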
