Home > Vulnerability Database > CVE-2025-64050

Mend.io Vulnerability Database

CVE-2025-64050

Good to know:

Date: November 24, 2025

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.

Severity Score

7.2

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64050

Url: https://github.com/redaxo/redaxo/pull/6372/commits/bc96462e20f7e651b2e6c3bb59d141d5cb09af0f

Url: https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64050.md

Url: https://drive.google.com/drive/folders/1Via4r4wn5zCcBllWmHpxYweCPgcbN0bz?usp=sharing

Url: https://github.com/redaxo/redaxo

Url: https://www.mend.io/vulnerability-database/CVE-2025-64050

Severity Score

7.2

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64050

Good to know:

Date: November 24, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?