CVE-2025-54815

8.8 HIGH

📋 TL;DR

This CVE describes a server-side template injection vulnerability in PPress CMS version 0.0.9 that allows attackers to execute arbitrary code on the server by uploading malicious theme files. All users running PPress 0.0.9 are affected, particularly those allowing theme uploads or using untrusted themes.

💻 Affected Systems

Products:
  • PPress CMS
Versions: 0.0.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires theme upload capability or ability to modify existing themes.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal data, install backdoors, or pivot to other systems.

🟠 Likely Case

Remote code execution leading to website defacement, data theft, or cryptocurrency mining malware installation.

🟢 If Mitigated

Limited impact if theme uploads are disabled and only trusted themes are used.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to upload or modify themes, which typically requires some level of access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.0.9-beta or later

Vendor Advisory: https://github.com/yandaozi/PPress/releases/tag/v0.0.9-beta

Restart Required: Yes

Instructions:

1. Back up your PPress installation and database.
2. Download the latest version from the official repository.
3. Replace all files with the patched version.
4. Restart your web server.

🔧 Temporary Workarounds

Disable theme uploads

linux

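Remove the ability for users to upload or modify themes through configuration or file permissions. The modes below only block writes when the theme files are owned by an account other than the one the web application runs as.

find /path/to/ppress/themes -type d -exec chmod 755 {} +
find /path/to/ppress/themes -type f -exec chmod 644 {} +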

Restrict theme directory permissions

windows

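Set strict file permissions on theme directories to prevent unauthorized modifications. Deny only the write and delete rights: denying Modify (M) also denies read access, which stops the application from loading its themes.

icacls "C:\path\to\ppress\themes" /deny Everyone:(OI)(CI)(WD,AD,WEA,WA,DE,DC)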

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block template injection patterns
  • Disable all theme-related functionality and use only default themes

🔍 How to Verify

Check if Vulnerable:

Check if running PPress version 0.0.9 and review theme upload/modification capabilities.

Check Version:

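grep -rn "version.*0\.0\.9" /path/to/ppress/ || find /path/to/ppress -name "*.php" -exec grep -lF "0.0.9" {} \;

The string 0.0.9 also appears in the patched v0.0.9-beta version string, so read the matched lines to tell the two apart.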

Verify Fix Applied:

Verify version is v0.0.9-beta or later and test theme upload functionality with malicious payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual theme file uploads
  • Template engine error messages containing user input
  • Suspicious file extensions in theme directories

Network Indicators:

  • HTTP POST requests to theme upload endpoints with encoded payloads
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND (uri="/themes/upload" OR uri="/admin/themes") AND (payload="{{.*}}" OR payload="${.*}")
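
The SIEM query above matches literal `{{...}}` and `${...}` only, so a URL-encoded or double-encoded request body slips past it. The following added example (not part of the original advisory or of PPress) decodes the body before matching; the tab-separated log layout, the function names and the sample lines are assumptions constructed for illustration, while the URIs and delimiter patterns come from the query.

```python
import re
from urllib.parse import unquote_plus

# URIs and delimiter patterns are taken from the SIEM query on this page.
THEME_URIS = ("/themes/upload", "/admin/themes")
TEMPLATE_DELIMS = re.compile(r"\{\{.*?\}\}|\$\{.*?\}", re.DOTALL)


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded delimiters are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_events(lines):
    """Return (line number, path, matched text) for suspicious theme POSTs.

    Assumed log layout (hypothetical): METHOD<TAB>URI<TAB>BODY per line.
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3:
            continue  # malformed line, not our format
        method, uri, body = parts
        path = uri.split("?", 1)[0]
        if method != "POST" or not path.startswith(THEME_URIS):
            continue
        match = TEMPLATE_DELIMS.search(decode_fully(body))
        if match:
            hits.append((lineno, path, match.group(0)))
    return hits


# Constructed sample input, not taken from a real system.
SAMPLE_LOG = [
    "GET\t/themes/upload\t",
    "POST\t/admin/themes\tname=blue&title=Summer+sale",
    "POST\t/themes/upload\tname=t1&footer=%7B%7B+site_name+%7D%7D",
    "POST\t/themes/upload\tname=t2&footer=%257B%257Bsite_name%257D%257D",
    "POST\t/login\tuser=%7B%7Bx%7D%7D",
    "POST\t/admin/themes?id=3\tcss=%24%7Bcolor%7D",
]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_LOG):
        print(hit)
```

Legitimate theme templates also contain these delimiters, so treat hits as leads to correlate with who uploaded the theme and when, not as confirmed exploitation.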
