Fixed version: 13.82.136
A code injection vulnerability has been identified in KodiCMS versions up to 13.82.135. This flaw resides within the Save function of the Layout API Endpoint (cms/modules/kodicms/classes/kodicms/model/file.php) and allows attackers to inject arbitrary code by manipulating the 'content' argument. Successful exploitation can lead to remote code execution, potentially compromising the entire system. The vulnerability was publicly disclosed on 2025-12-31 and a patch is available in version 13.82.136.
The code injection vulnerability in KodiCMS poses a significant risk. An attacker who successfully exploits this flaw can execute arbitrary code on the server hosting the KodiCMS application. This could lead to complete system compromise, including data theft, modification, or deletion. The attacker could also leverage this access to move laterally within the network, compromising other systems and data. Given the publicly disclosed nature of the exploit, the potential for widespread exploitation is high, particularly if systems remain unpatched.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While no active campaigns have been definitively linked to this CVE as of the publication date, the availability of a public exploit suggests that attackers are actively seeking to exploit vulnerable systems. The vulnerability is not currently listed on CISA KEV, but its medium severity and public disclosure warrant close monitoring. The vendor's lack of response to early disclosure notifications is concerning.
Organizations utilizing KodiCMS versions 13.82.135 and earlier, particularly those with publicly accessible instances of the Layout API Endpoint, are at significant risk. Shared hosting environments where multiple users share the same KodiCMS installation are also vulnerable, as a compromise of one user's instance could potentially affect others.
• php: Examine application logs for unusual activity related to the Layout API Endpoint. Search for POST requests with suspicious content in the 'content' parameter. Note that a standard access log records only the request line, so a 'content' value will appear there only if it was sent in the query string; inspecting POST bodies requires request-body logging (for example a WAF or audit log).
grep -i 'kodicms/classes/kodicms/model/file.php' /var/log/apache2/access.log | grep -i 'content='
• generic web: Use curl to test the Layout API Endpoint with a crafted payload containing potentially malicious code. Monitor the response for unexpected behavior or errors.
curl -X POST -d 'content=<script>alert("XSS")</script>' http://your-kodicms-site/cms/modules/kodicms/classes/kodicms/model/file.php
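Added example (not from the original page or the KodiCMS project): a small Python scanner that applies the log check above to Apache combined-format lines, flagging every request to the file.php endpoint and inspecting the 'content' value when it is present in the query string. The suspicious-marker list and the sample log lines are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Access logs hold only the request line: a 'content' value is visible here
# only when sent in the query string. POST bodies never appear and need
# request-body logging (WAF / audit log) to inspect.
ENDPOINT = "cms/modules/kodicms/classes/kodicms/model/file.php"

# Markers suggesting code rather than plain layout text in 'content'
# (assumed indicators for this example, not an official list).
SUSPICIOUS = ("<?php", "<?=", "<script", "eval(", "system(", "base64_decode(")

# Apache "combined" format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def analyse_line(line):
    """Return a finding for a request to the endpoint, or None otherwise."""
    m = LOG_RE.match(line)
    if not m or ENDPOINT not in m.group("target"):
        return None
    query = urlsplit(m.group("target")).query
    # parse_qs URL-decodes the value, so '%3C%3Fphp' becomes '<?php'
    content = parse_qs(query).get("content", [""])[0]
    hits = [s for s in SUSPICIOUS if s.lower() in content.lower()]
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "content_seen": bool(content),
        "markers": hits,
    }


def scan(lines):
    """Scan an iterable of log lines and return all endpoint findings."""
    return [f for f in map(analyse_line, lines) if f]


# Constructed sample log lines (not captured from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Dec/2025:10:00:01 +0000] "GET /cms/modules/kodicms/classes/kodicms/model/file.php?content=%3C%3Fphp+echo+1%3B+%3F%3E HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '203.0.113.5 - - [31/Dec/2025:10:00:02 +0000] "POST /cms/modules/kodicms/classes/kodicms/model/file.php HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '198.51.100.7 - - [31/Dec/2025:10:00:03 +0000] "GET /cms/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The POST request is still reported even though its body is not visible, so a hit with `content_seen` false is a prompt to check body-level logs rather than a clean result.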
Exploitation status
EPSS: 0.06% (19th percentile)
The primary mitigation for CVE-2025-15393 is to upgrade KodiCMS to version 13.82.136 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. Input validation on the 'content' argument within the Layout API Endpoint can help prevent malicious code injection. Web application firewalls (WAFs) configured to detect and block code injection attempts can also provide a layer of protection. Monitor application logs for suspicious activity related to the Layout API Endpoint.
Upgrade KodiCMS to the patched version that fixes the code injection vulnerability. If that is not available, consider disabling or removing the Layout API Endpoint module until a fix is released. Review and validate user input to prevent malicious code execution.
CVE-2025-15393 is a code injection vulnerability affecting KodiCMS versions up to 13.82.135, allowing attackers to inject malicious code via the Layout API Endpoint.
If you are using KodiCMS version 13.82.135 or earlier, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade KodiCMS to version 13.82.136 or later to resolve this code injection vulnerability. Implement input validation as a temporary workaround.
While no confirmed active campaigns are known, the public disclosure of the exploit suggests a high probability of exploitation.
Refer to the KodiCMS website or security mailing lists for the official advisory regarding CVE-2025-15393.