CVE-2025-64050

7.2 HIGH

📋 TL;DR

CVE-2025-64050 is a remote code execution vulnerability in REDAXO CMS 5.20.0: an authenticated administrator can store PHP code in a template through the backend template editor, and that code runs on the server whenever a visitor requests a frontend page that uses the template. An attacker holding admin credentials can therefore execute arbitrary operating system commands as the web server user. Only REDAXO CMS 5.20.0 is affected, and exploitation requires an administrator account.

💻 Affected Systems

Products:
  • REDAXO CMS
Versions: 5.20.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated account with access to the template management component (an administrator). Because REDAXO templates are PHP executed by the web server, the boundary crossed is admin-to-host: when assessing exposure, treat every admin credential as equivalent to a shell on the server.

📦 What is this software?

REDAXO is an open-source PHP content management system. Its templates and modules are PHP code that the server executes when rendering pages, which is why write access to templates is equivalent to code execution on the host.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise allowing data theft, malware deployment, lateral movement, and complete system takeover.

🟠

Likely Case

Website defacement, data exfiltration, backdoor installation, and credential harvesting from visitors.

🟢

If Mitigated

Limited to what a legitimate administrator could already do; contained if admin accounts are few and protected by MFA, the PHP worker runs unprivileged, and template changes are logged and reviewed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.20.1 or later

Vendor Advisory: https://github.com/redaxo/redaxo

Restart Required: No

Instructions:

1. Back up the REDAXO installation (files) and its database.
2. Update REDAXO CMS to version 5.20.1 or later via the admin panel's updater or by a manual download from the vendor repository.
3. Verify the update completed: the dashboard must report 5.20.1 or higher.

🔧 Temporary Workarounds

Restrict Template Editing

Applies to: all platforms

Reduce the set of accounts that can edit templates until the patch is applied.

In REDAXO the admin role carries full rights, so template access cannot be stripped from it; instead move users who only need content editing to non-admin roles without template rights in the REDAXO user management, and keep the remaining admin accounts to the minimum.

Input Validation Filter

Applies to: all platforms

Add server-side validation of template content before it is saved or compiled, rejecting PHP constructs you do not expect.

Caveat: REDAXO templates are PHP by design, so a filter that simply blocks PHP breaks every site. This workaround is only practical where your templates are restricted to a known set of constructs, and it must sit in the save path on the server, not in a client-side check.

🧯 If You Can't Patch

  • Enforce multi-factor authentication for every REDAXO admin account, remove unused admin accounts, and restrict access to the backend (/redaxo/) to known networks or a VPN.
  • Deploy a web application firewall (WAF) in front of the backend. Because the template editor legitimately submits PHP, a signature on payload content alone will block normal admin work; scope rules to the template endpoint from unexpected sources, or use the WAF to enforce the network restriction above.
  • Run the PHP worker as an unprivileged account with write access only to the directories REDAXO needs, so a successful injection is contained to that account.

🔍 How to Verify

Check if Vulnerable:

The installation is vulnerable if the reported REDAXO core version is exactly 5.20.0.

Check Version:

Open the REDAXO admin dashboard (the core version is shown there), or read the version: key in the core package file on disk, redaxo/src/core/package.yml, relative to the web root.

Verify Fix Applied:

Confirm the reported version is 5.20.1 or higher, then open the template editor and save a template to confirm the admin workflow still functions after the update.
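The version check above, as an added example (not REDAXO's own code): it reads the version: key from the core package file and classifies the install. The path redaxo/src/core/package.yml relative to the web root and the sample file contents are assumptions for the example.

```python
import re
import sys
from pathlib import Path

# Constructed sample of a core package.yml, not taken from a real install.
SAMPLE_PACKAGE_YML = """package: core
version: '5.20.0'
author: REDAXO Team
"""

VULNERABLE = (5, 20, 0)   # the only affected release per the advisory
FIXED = (5, 20, 1)        # first release carrying the fix


def parse_version(package_yml_text: str) -> tuple:
    """Return the version: value of a package.yml as an int tuple, padded to 3 parts."""
    m = re.search(r'^version:\s*["\']?(\d+(?:\.\d+)*)', package_yml_text, re.MULTILINE)
    if not m:
        raise ValueError("no version key found in package.yml")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))   # "5.20" -> (5, 20, 0)


def status(version: tuple) -> str:
    """Classify a parsed core version against the affected and fixed releases."""
    if version == VULNERABLE:
        return "vulnerable"
    if version >= FIXED:
        return "patched"
    return "outside affected range (older release; upgrade anyway)"


def check_install(web_root: str) -> str:
    """Read the core package.yml under web_root (assumed layout) and classify it."""
    pkg = Path(web_root) / "redaxo" / "src" / "core" / "package.yml"
    return status(parse_version(pkg.read_text(encoding="utf-8")))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_install(sys.argv[1]))      # e.g. python check.py /var/www/site
    else:
        print(status(parse_version(SAMPLE_PACKAGE_YML)))
```

Run it with the web root as the only argument; without an argument it classifies the embedded sample.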

📡 Detection & Monitoring

Log Indicators:

  • Template changes at unexpected times or by accounts that do not normally touch templates (compare REDAXO's template update timestamps against your change records)
  • Admin logins from unfamiliar IP ranges, especially shortly before a template change
  • PHP parse or fatal errors in the web server or PHP error log attributed to compiled template files (a malformed payload typically shows up here first)

Network Indicators:

  • Unexpected outbound connections from the web server (reverse shells, download of second-stage tooling)
  • POST requests to the backend template editor (/redaxo/index.php?page=templates) from sources that are not your administrators

SIEM Query:

A Splunk-style starting point; the field names (source, method, uri_path, uri_query) depend on how your web logs are parsed:

source="web_logs" AND method="POST" AND uri_path="/redaxo/index.php" AND uri_query="*page=templates*"
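The same detection logic as an added example that runs offline over access-log lines (not part of the original page and not REDAXO code). It assumes Apache combined log format, that a POST to /redaxo/index.php with page=templates is the template save, and a constructed allowlist of administrator IPs; the log lines are constructed for the example, not captured traffic.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2025:02:14:03 +0000] "POST /redaxo/index.php?page=templates&function=edit&template_id=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Nov/2025:09:01:10 +0000] "GET /redaxo/index.php?page=templates HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Nov/2025:09:02:44 +0000] "POST /redaxo/index.php?page=templates&function=edit&template_id=3 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2025:02:15:30 +0000] "GET /index.php?article_id=1 HTTP/1.1" 500 812 "-" "curl/8.4.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str):
    """Split one combined-format line into ip, ts, method, path, query dict, status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return rec


def is_template_write(rec) -> bool:
    """A POST to the backend templates page is the request that stores a template."""
    return (rec["method"] == "POST"
            and rec["path"].endswith("/redaxo/index.php")
            and rec["query"].get("page") == "templates")


def find_template_writes(log_text: str, trusted_ips=frozenset()):
    """Return every template save, flagging those from outside the admin allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_template_write(rec):
            rec["untrusted_source"] = rec["ip"] not in trusted_ips
            hits.append(rec)
    return hits


def frontend_errors(log_text: str):
    """5xx responses outside the backend: a broken injected template fails here."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"].startswith("5") and not rec["path"].startswith("/redaxo/"):
            out.append(rec)
    return out


if __name__ == "__main__":
    admins = {"198.51.100.9"}   # assumed allowlist of known admin source IPs
    for h in find_template_writes(SAMPLE_LOG, admins):
        tag = "ALERT" if h["untrusted_source"] else "ok"
        print(f"{tag} {h['ts']} {h['ip']} template_id={h['query'].get('template_id')}")
    for e in frontend_errors(SAMPLE_LOG):
        print(f"frontend 5xx {e['ts']} {e['ip']} {e['path']}")
```

Correlating an untrusted template save with a frontend 5xx from the same source minutes later, as in the sample, is the pattern to page on; a save from a known admin during working hours is routine and only needs logging.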
