CVE-2025-71243

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-71243

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71243.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-71243

Published

2026-02-19T16:27:12.303Z

Modified

2026-02-28T06:40:34.323368Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.

References

Affected packages

Git / git.spip.net/spip-contrib-extensions/saisies

Affected ranges

Type: GIT
Repo: https://git.spip.net/spip-contrib-extensions/saisies
Events: Introduced

87a52efb4012cc6c5da12d0ab2d3a6e7a8a6ff12

Fixed

a9c460b62a6ae202be106db8d42cc4d6fc1d67dc

Affected versions

5.*

5.10.0

v5.*

v5.11.0

v5.4.0

v5.4.1

v5.5.0

v5.5.1

v5.6.0

v5.6.1

v5.7.0

v5.7.1

v5.7.2

v5.8.0

v5.8.1

v5.8.2

v5.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71243.json"