Platform
php
Component
kodicms
Fixed in
13.82.136
A code injection vulnerability has been identified in KodiCMS versions up to 13.82.135. This flaw resides within the Save function of the Layout API Endpoint (cms/modules/kodicms/classes/kodicms/model/file.php) and allows attackers to inject arbitrary code by manipulating the 'content' argument. Successful exploitation can lead to remote code execution, potentially compromising the entire system. The vulnerability was publicly disclosed on 2025-12-31 and a patch is available in version 13.82.136.
The code injection vulnerability in KodiCMS poses a significant risk. An attacker who successfully exploits this flaw can execute arbitrary code on the server hosting the KodiCMS application. This could lead to complete system compromise, including data theft, modification, or deletion. The attacker could also leverage this access to move laterally within the network, compromising other systems and data. Given the publicly disclosed nature of the exploit, the potential for widespread exploitation is high, particularly if systems remain unpatched.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While no active campaigns have been definitively linked to this CVE as of the publication date, the availability of a public exploit suggests that attackers are actively seeking to exploit vulnerable systems. The vulnerability is not currently listed on CISA KEV, but its medium severity and public disclosure warrant close monitoring. The vendor's lack of response to early disclosure notifications is concerning.
Exploit Status
EPSS
0.06% (19% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-15393 is to upgrade KodiCMS to version 13.82.136 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. Input validation on the 'content' argument within the Layout API Endpoint can help prevent malicious code injection. Web application firewalls (WAFs) configured to detect and block code injection attempts can also provide a layer of protection. Monitor application logs for suspicious activity related to the Layout API Endpoint.
Update KodiCMS to a patched version that resolves the code injection vulnerability. If no version is available, consider disabling or removing the Layout API Endpoint module until a fix is released. Review and validate user inputs to prevent the execution of malicious code.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-15393 is a code injection vulnerability affecting KodiCMS versions up to 13.82.135, allowing attackers to inject malicious code via the Layout API Endpoint.
If you are using KodiCMS version 13.82.135 or earlier, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade KodiCMS to version 13.82.136 or later to resolve this code injection vulnerability. Implement input validation as a temporary workaround.
While no confirmed active campaigns are known, the public disclosure of the exploit suggests a high probability of exploitation.
Refer to the KodiCMS website or security mailing lists for the official advisory regarding CVE-2025-15393.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.