CVE-2025-65271

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-65271

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65271.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-65271

Published

2025-12-08T19:15:50.540Z

Modified

2026-03-15T14:54:13.420319Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.

References

Affected packages

Git / github.com/azuriom/azuriom

Affected ranges

Type

GIT

Repo

https://github.com/azuriom/azuriom

Events

Introduced

Fixed

0289175547319add814dcb526e8ba034f1ebc3ec

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.7"
        }
    ]
}

Affected versions

0.*

0.2.4

v0.*

v0.1

v0.1.1

v0.1.2

v0.1.3

v0.2.0

v0.2.1

v0.2.10

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.2.7

v0.2.8

v0.2.9

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.5.1

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65271.json"