Platform
php
Component
kodicms
Fixed in
13.82.136
A code injection vulnerability has been identified in KodiCMS versions up to 13.82.135. This flaw resides within the Save function of the Layout API Endpoint (cms/modules/kodicms/classes/kodicms/model/file.php) and allows attackers to inject arbitrary code by manipulating the 'content' argument. Successful exploitation can lead to remote code execution, potentially compromising the entire system. The vulnerability was publicly disclosed on 2025-12-31 and a patch is available in version 13.82.136.
The code injection vulnerability in KodiCMS poses a significant risk. An attacker who successfully exploits this flaw can execute arbitrary code on the server hosting the KodiCMS application. This could lead to complete system compromise, including data theft, modification, or deletion. The attacker could also leverage this access to move laterally within the network, compromising other systems and data. Given the publicly disclosed nature of the exploit, the potential for widespread exploitation is high, particularly if systems remain unpatched.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While no active campaigns have been definitively linked to this CVE as of the publication date, the availability of a public exploit suggests that attackers are actively seeking to exploit vulnerable systems. The vulnerability is not currently listed on CISA KEV, but its medium severity and public disclosure warrant close monitoring. The vendor's lack of response to early disclosure notifications is concerning.
Organizations utilizing KodiCMS versions 13.82.135 and earlier, particularly those with publicly accessible instances of the Layout API Endpoint, are at significant risk. Shared hosting environments where multiple users share the same KodiCMS installation are also vulnerable, as a compromise of one user's instance could potentially affect others.
• php: Examine application logs for unusual activity related to the Layout API Endpoint. Search for POST requests with suspicious content in the 'content' parameter.
grep -i 'kodicms/classes/kodicms/model/file.php' /var/log/apache2/access.log | grep -i 'content='
• generic web: Use curl to test the Layout API Endpoint with a crafted payload containing potentially malicious code. Monitor the response for unexpected behavior or errors.
curl -X POST -d 'content=<script>alert("XSS")</script>' http://your-kodicms-site/cms/modules/kodicms/classes/kodicms/model/file.php
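Added here as an example (not from the advisory or from the KodiCMS project): a small Python scanner that applies the log check above to Apache combined-format access-log lines, matching the endpoint path the advisory names and flagging a 'content=' query string. The log lines are constructed; note that POST bodies are never written to the access log, so a plain 'content=' grep only sees GET-style requests and any POST to this path deserves review on its own.

```python
import re
from dataclasses import dataclass

# Path of the affected Layout API endpoint, as named in the advisory.
ENDPOINT_PATH = "/cms/modules/kodicms/classes/kodicms/model/file.php"

# Apache "combined" log format (ip ident user [time] "METHOD path PROTO" status size ...).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

@dataclass
class Hit:
    ip: str
    time: str
    method: str
    path: str
    status: int
    # True when "content=" is in the query string. POST bodies are not written to
    # access logs, so a POST to this path is worth review even without it.
    content_in_query: bool

def find_layout_api_hits(lines):
    """Return a Hit for every parseable request whose path is the Layout API endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line or a different log format: skip, do not crash
        path = m.group("path")
        if path.split("?", 1)[0] != ENDPOINT_PATH:
            continue
        hits.append(Hit(ip=m.group("ip"), time=m.group("time"), method=m.group("method"),
                        path=path, status=int(m.group("status")),
                        content_in_query="content=" in path))
    return hits

# Constructed sample log lines (synthetic, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Dec/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [31/Dec/2025:10:00:05 +0000] "POST /cms/modules/kodicms/classes/kodicms/model/file.php HTTP/1.1" 200 88 "-" "curl/8.0"',
    '198.51.100.9 - - [31/Dec/2025:10:00:09 +0000] "GET /cms/modules/kodicms/classes/kodicms/model/file.php?content=abc HTTP/1.1" 200 90 "-" "python-requests/2.31"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for h in find_layout_api_hits(SAMPLE_LOG):
        print(f"{h.time} {h.ip} {h.method} {h.path} status={h.status} content_in_query={h.content_in_query}")
```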
Exploit Status
EPSS
0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-15393 is to upgrade KodiCMS to version 13.82.136 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. Input validation on the 'content' argument within the Layout API Endpoint can help prevent malicious code injection. Web application firewalls (WAFs) configured to detect and block code injection attempts can also provide a layer of protection. Monitor application logs for suspicious activity related to the Layout API Endpoint.
Update KodiCMS to a patched version that fixes the code injection vulnerability. If no such version is available, consider disabling or removing the Layout API Endpoint module until a fix is published. Check and validate user input to prevent the execution of malicious code.
CVE-2025-15393 is a code injection vulnerability affecting KodiCMS versions up to 13.82.135, allowing attackers to inject malicious code via the Layout API Endpoint.
If you are using KodiCMS version 13.82.135 or earlier, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade KodiCMS to version 13.82.136 or later to resolve this code injection vulnerability. Implement input validation as a temporary workaround.
While no confirmed active campaigns are known, the public disclosure of the exploit suggests a high probability of exploitation.
Refer to the KodiCMS website or security mailing lists for the official advisory regarding CVE-2025-15393.