Platform
php
Component
kodicms
Fixed in
13.82.136
A code injection vulnerability has been identified in KodiCMS versions up to 13.82.135. This flaw resides within the Save function of the Layout API Endpoint (cms/modules/kodicms/classes/kodicms/model/file.php) and allows attackers to inject arbitrary code by manipulating the 'content' argument. Successful exploitation can lead to remote code execution, potentially compromising the entire system. The vulnerability was publicly disclosed on 2025-12-31 and a patch is available in version 13.82.136.
The code injection vulnerability in KodiCMS poses a significant risk. An attacker who successfully exploits this flaw can execute arbitrary code on the server hosting the KodiCMS application. This could lead to complete system compromise, including data theft, modification, or deletion. The attacker could also leverage this access to move laterally within the network, compromising other systems and data. Given the publicly disclosed nature of the exploit, the potential for widespread exploitation is high, particularly if systems remain unpatched.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While no active campaigns have been definitively linked to this CVE as of the publication date, the availability of a public exploit suggests that attackers are actively seeking to exploit vulnerable systems. The vulnerability is not currently listed on CISA KEV, but its medium severity and public disclosure warrant close monitoring. The vendor's lack of response to early disclosure notifications is concerning.
Organizations utilizing KodiCMS versions 13.82.135 and earlier, particularly those with publicly accessible instances of the Layout API Endpoint, are at significant risk. Shared hosting environments where multiple users share the same KodiCMS installation are also vulnerable, as a compromise of one user's instance could potentially affect others.
• php: Examine application logs for unusual activity related to the Layout API Endpoint. Search for POST requests with suspicious content in the 'content' parameter.
grep -i 'kodicms/classes/kodicms/model/file.php' /var/log/apache2/access.log | grep -i 'content='
• generic web: Use curl to test the Layout API Endpoint with a crafted payload containing potentially malicious code. Monitor the response for unexpected behavior or errors.
curl -X POST -d 'content=<script>alert("XSS")</script>' http://your-kodicms-site/cms/modules/kodicms/classes/kodicms/model/file.php
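The grep above only matches a 'content' parameter that travels in the query string; a standard Apache or nginx access log never records POST bodies, so a POST to the Layout endpoint shows up as method plus path and nothing more. The following is an added example, not part of the advisory or of KodiCMS, that applies that distinction to combined-format access log lines: it flags any POST/PUT/PATCH to the endpoint path named in the advisory, and any GET that passes 'content' in the query string. The log lines are constructed for the example, and the endpoint path is taken from the advisory as written; adjust LAYOUT_ENDPOINT if your deployment routes the Layout API differently.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path as named in the advisory (assumed to appear verbatim in request lines).
LAYOUT_ENDPOINT = "cms/modules/kodicms/classes/kodicms/model/file.php"

# Apache/nginx "combined" log format: client, identd, user, timestamp,
# request line, status, size (referer and user agent follow and are ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Split one access-log line into fields; return None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parse_qs(parts.query, keep_blank_values=True)
    return entry


def classify(entry):
    """Return a review reason for requests touching the Layout endpoint, else None."""
    if LAYOUT_ENDPOINT not in entry["path"]:
        return None
    if entry["method"] in ("POST", "PUT", "PATCH"):
        # The body is not in the access log, so method + path is the only
        # signal here; recover the 'content' value from a WAF or app log.
        return f"{entry['method']} to Layout endpoint (body not logged)"
    if "content" in entry["query"]:
        return "content parameter passed in query string"
    return None


def scan(lines):
    """Return (ip, timestamp, method, path, reason) for every flagged line."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            hits.append((entry["ip"], entry["ts"], entry["method"], entry["path"], reason))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, benign parameter value).
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Dec/2025:10:15:02 +0000] "POST /cms/modules/kodicms/classes/kodicms/model/file.php HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [31/Dec/2025:10:15:09 +0000] "GET /cms/modules/kodicms/classes/kodicms/model/file.php?content=x HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [31/Dec/2025:10:16:00 +0000] "GET /cms/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [31/Dec/2025:10:16:05 +0000] "GET /cms/modules/kodicms/classes/kodicms/model/file.php HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Run it against a real file with `scan(open("/var/log/apache2/access.log"))`; the first two sample lines are flagged, the plain GET to the endpoint without a 'content' parameter is not, so you can tune `classify` toward whichever request shapes your own deployment considers legitimate.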
Exploit Status
EPSS
0.06% (percentile 19%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-15393 is to upgrade KodiCMS to version 13.82.136 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. Input validation on the 'content' argument within the Layout API Endpoint can help prevent malicious code injection. Web application firewalls (WAFs) configured to detect and block code injection attempts can also provide a layer of protection. Monitor application logs for suspicious activity related to the Layout API Endpoint.
Update KodiCMS to a fixed version that resolves the code injection vulnerability. If no fixed version is available, consider disabling or removing the Layout API Endpoint module until a fix is published. Review and validate user input to prevent execution of malicious code.
CVE-2025-15393 is a code injection vulnerability affecting KodiCMS versions up to 13.82.135, allowing attackers to inject malicious code via the Layout API Endpoint.
If you are using KodiCMS version 13.82.135 or earlier, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade KodiCMS to version 13.82.136 or later to resolve this code injection vulnerability. Implement input validation as a temporary workaround.
While no confirmed active campaigns are known, the public disclosure of the exploit suggests a high probability of exploitation.
Refer to the KodiCMS website or security mailing lists for the official advisory regarding CVE-2025-15393.