Platform
php
Component
xibo-cms
Fixed in
4.3.2
CVE-2025-62369 describes a Remote Code Execution (RCE) vulnerability affecting Xibo CMS versions 4.3.0 and earlier. It allows an authenticated user who holds the "System -> Add/Edit custom modules and templates" permission to execute arbitrary code on the server. The flaw resides in the Module Templating functionality of the CMS Developer menu. A patch addressing the issue is available in version 4.3.1.
An attacker exploiting this vulnerability gains code execution in the context of the web server (or PHP-FPM) account running the CMS, which in practice means control of the CMS host: data theft, system compromise, and a foothold for lateral movement within the network. Exploitation requires an authenticated account with the "System -> Add/Edit custom modules and templates" permission; the attack manipulates Twig filters inside a module template so that the template engine invokes arbitrary server-side PHP functions. Because this permission exists precisely to let developers author templates that the server renders, accounts holding it should be treated as administrator-equivalent. Given Xibo's role in digital signage, an attacker could also tamper with the content shown on displays or read sensitive data stored in the CMS.
This vulnerability was publicly disclosed on 2025-11-04. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability's severity is rated HIGH (CVSS 7.2). It is not currently listed on the CISA KEV catalog.
Organizations utilizing Xibo CMS for digital signage deployments, particularly those running versions 4.3.0 or earlier, are at risk. Shared hosting environments where multiple users have access to CMS configuration are especially vulnerable, as is any deployment with overly permissive user roles.
• linux / server: Monitor Xibo CMS logs for unusual Twig filter usage or attempts to execute arbitrary code. If the CMS runs as a systemd service, follow its journal in real time (the unit name xibo-cms is an example; substitute the name used on your host, and for Docker deployments use docker logs on the web container instead):
journalctl -f -u xibo-cms
• php: Check for unauthorized modifications to module templates within the Xibo CMS installation directory, for example any Twig template changed in the last seven days:
find /var/www/xibo/ -name '*.twig' -mtime -7
• generic web: Examine access logs for requests containing suspicious Twig filter parameters. Note that plain grep treats '|' literally, so the alternation needs -E, and that template bodies are normally submitted in POST bodies, which access logs do not record; this check only catches payloads that appear in the request line:
grep -Ei 'twig|filter' /var/log/apache2/access.log
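The grep and find checks above are coarse. The script below, an added example and not part of the original page or of the Xibo project, looks instead for the specific shape of the abuse the text describes: a Twig filter that accepts a callable (filter, map, reduce, sort) being handed a string that names a dangerous PHP function, such as `|map('system')`. Treating those four filters as the abusable ones is an assumption about the technique, not something the advisory spells out; the template fragments, the `/preview` route and the access-log lines are constructed for the demonstration. The same matcher is applied to URL-decoded access-log lines so that the `-E` grep above becomes a decode-aware check.

```python
import re
from urllib.parse import unquote

# Constructed module-template fragments (not taken from a real Xibo install).
SAMPLE_TEMPLATES = {
    "clock.twig": '<div class="clock">{{ now|date("H:i") }}</div>',
    # Legitimate use of the filter filter with an arrow function.
    "weather.twig": "{% for i in items|filter(i => i.temp > 10) %}{{ i.name }}{% endfor %}",
    # Abuse: the callable argument is a string naming a PHP function.
    "evil.twig": "{{ ['id']|map('system')|join }}",
    "evil2.twig": "{{ ['cat /etc/passwd']|filter('passthru') }}",
}

# Constructed Apache access-log lines; the second carries a URL-encoded payload
# in the query string of a hypothetical /preview route.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [04/Nov/2025:10:01:02 +0000] "GET /dashboard HTTP/1.1" 200 512',
    '10.0.0.9 - - [04/Nov/2025:10:02:44 +0000] "GET /preview?tpl='
    '%7B%7B%20%5B%27id%27%5D%7Cmap%28%27system%27%29%20%7D%7D HTTP/1.1" 200 88',
]

# PHP functions that yield command or code execution, or file write/read,
# if a template can name them as a callable.
DANGEROUS_FUNCS = {
    "system", "exec", "shell_exec", "passthru", "popen", "proc_open",
    "eval", "assert", "call_user_func", "call_user_func_array",
    "file_put_contents", "file_get_contents", "include", "require",
}

# Assumption: these Twig filters take a callable and are the ones a template
# author could abuse by passing a function name as a string.
CALLABLE_FILTERS = ("filter", "map", "reduce", "sort")

# Matches |map('system'), |filter("passthru"), |reduce('\exec') and so on.
# An arrow function (i => ...) has no quote after the parenthesis, so it
# does not match.
CALLABLE_STRING_RE = re.compile(
    r"\|\s*(" + "|".join(CALLABLE_FILTERS) + r")\s*\(\s*['\"]"
    r"([A-Za-z_\\][A-Za-z0-9_\\]*)['\"]",
    re.IGNORECASE,
)


def scan_template(text: str) -> list[tuple[str, str]]:
    """Return (filter, function) pairs where a callable-taking filter is
    handed a string naming a dangerous PHP function."""
    hits = []
    for m in CALLABLE_STRING_RE.finditer(text):
        filt = m.group(1).lower()
        func = m.group(2).lstrip("\\").lower()  # tolerate a leading namespace slash
        if func in DANGEROUS_FUNCS:
            hits.append((filt, func))
    return hits


def scan_templates(templates: dict[str, str]) -> dict[str, list[tuple[str, str]]]:
    """Scan a name -> template-text mapping; return only the templates with hits."""
    return {name: hits for name, text in templates.items()
            if (hits := scan_template(text))}


def scan_access_log(lines: list[str]) -> list[tuple[int, list[tuple[str, str]]]]:
    """URL-decode each log line before matching, so encoded payloads in the
    request line are caught. Returns (1-based line number, hits)."""
    return [(n, hits) for n, line in enumerate(lines, start=1)
            if (hits := scan_template(unquote(line)))]


if __name__ == "__main__":
    for name, hits in scan_templates(SAMPLE_TEMPLATES).items():
        print(f"{name}: {hits}")
    for n, hits in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"access.log line {n}: {hits}")
```

In a real deployment the template texts would come from the Xibo installation directory (the find command above locates candidate files) or from the CMS database, and the log lines from the web server's access log; payloads submitted in a POST body still need request-body logging or a WAF to be visible.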
Exploit Status
EPSS
0.55% (percentile 68%)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade Xibo CMS to version 4.3.1 or later, which contains the fix. If an immediate upgrade is not possible, apply the backported patch commits for the 4.1 and 4.2 branches that are referenced in the advisory; these commits address the underlying issue. Review user permissions so that only trusted personnel hold "System -> Add/Edit custom modules and templates", since that permission is the precondition for exploitation. A Web Application Firewall (WAF) with rules that flag Twig filter manipulation in template submissions can add a layer of detection, but it should be treated as a stop-gap: the attacker is already an authenticated, privileged user, so permission hygiene and patching are what actually close the hole.
Upgrade Xibo CMS to version 4.3.1 or later. Alternatively, apply the patches for the 4.1 and 4.2 branches available in the commits listed in the CVE references. This resolves the remote code execution vulnerability.
CVE-2025-62369 is a Remote Code Execution vulnerability in Xibo CMS versions 4.3.0 and below. It allows authenticated users with specific permissions to execute arbitrary code on the server.
You are affected if you are running Xibo CMS versions 4.3.0 or earlier and have users with "System -> Add/Edit custom modules and templates" permissions.
Upgrade Xibo CMS to version 4.3.1 or later. As a temporary workaround, apply the backported patch commits for the 4.1 and 4.2 branches listed in the advisory.
There is no confirmed active exploitation of CVE-2025-62369 at this time, but it is a HIGH severity vulnerability and should be addressed promptly.
Refer to the official Xibo CMS security advisory for detailed information and updates: [https://xibo.org/security/advisories](https://xibo.org/security/advisories)