Plattform
php
Komponente
binarytorch/larecipe
Behoben in
2.8.2
2.8.1
CVE-2025-53833 represents a critical Server-Side Template Injection (SSTI) vulnerability discovered in the binarytorch/larecipe library. Successful exploitation can lead to Remote Code Execution (RCE), granting attackers significant control over the affected server. This vulnerability impacts versions of larecipe up to and including v2.8.0. Users are strongly advised to upgrade to version v2.8.1 or later to remediate this risk.
The impact of CVE-2025-53833 is severe due to the potential for Remote Code Execution. An attacker exploiting this SSTI vulnerability can execute arbitrary commands on the server hosting the larecipe application. This allows for complete compromise of the system, including data exfiltration, malware installation, and denial of service. Furthermore, attackers can access sensitive environment variables, potentially revealing credentials or other sensitive information. The ability to escalate access depends on the server's configuration, but successful exploitation could grant attackers root or administrator privileges, expanding the blast radius significantly. This vulnerability shares similarities with other SSTI exploits where template engines are improperly sanitized, allowing attackers to inject malicious code.
CVE-2025-53833 was published on 2025-07-14. The vulnerability was responsibly identified and reported by Roman Ananev. The CVSS score of 10 (CRITICAL) indicates a high probability of exploitation. As of the publication date, there are no publicly known active campaigns targeting this vulnerability, but the ease of exploitation associated with SSTI vulnerabilities suggests it may become a target. The EPSS score is likely to be assessed as high due to the critical CVSS score and the potential for widespread impact. Monitor security advisories and threat intelligence feeds for any indications of exploitation.
Exploit-Status
EPSS
16.76% (95% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-53833 is to immediately upgrade to version v2.8.1 or later of the binarytorch/larecipe library. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. These might include strict input validation on any user-supplied data used within the template rendering process. Web Application Firewalls (WAFs) configured with rules to detect and block SSTI attempts can provide an additional layer of defense. Monitor server logs for suspicious activity related to template rendering. After upgrading, confirm the vulnerability is resolved by attempting a controlled SSTI payload and verifying that it is properly sanitized and does not result in code execution.
Actualice LaRecipe a la versión 2.8.1 o superior. Esta versión contiene una corrección para la vulnerabilidad de Server-Side Template Injection (SSTI). Puede actualizar a través de Composer ejecutando `composer update saleem-hadad/larecipe`.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
It's a critical Server-Side Template Injection (SSTI) vulnerability in the binarytorch/larecipe library, allowing attackers to potentially execute code on the server.
If you are using binarytorch/larecipe version 2.8.0 or earlier, you are vulnerable. Check your dependencies immediately.
Upgrade to version 2.8.1 or later of binarytorch/larecipe. If immediate upgrade isn't possible, implement temporary input validation and WAF rules.
As of the publication date, there are no known active campaigns, but the vulnerability's severity suggests it could become a target.
Refer to the official binarytorch/larecipe project repository and security advisories for updates and further information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.