xibo-cms
Fixed version
4.3.2
CVE-2025-62369 describes a Remote Code Execution (RCE) vulnerability affecting Xibo CMS versions 4.3.0 and earlier. This flaw allows authenticated users with elevated privileges to execute arbitrary code on the server. The vulnerability resides within the CMS Developer menu's Module Templating functionality. A patch addressing this issue is available in version 4.3.1.
An attacker exploiting this vulnerability could gain complete control of the Xibo CMS server, leading to data theft, full system compromise and lateral movement into the rest of the network. The attacker must already be an authenticated user holding the "System -> Add/Edit custom modules and templates" permission, so the realistic threat is a malicious or compromised developer-level account rather than an anonymous visitor. Exploitation works by manipulating Twig filters within the module templating system so that a template invokes arbitrary server-side functions. Because Xibo drives digital signage, an attacker could also push arbitrary content to every connected display or read sensitive data stored in the CMS.
This vulnerability was publicly disclosed on 2025-11-04. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability's severity is rated HIGH (CVSS 7.2). It is not currently listed on the CISA KEV catalog.
Organizations utilizing Xibo CMS for digital signage deployments, particularly those running versions 4.3.0 or earlier, are at risk. Shared hosting environments where multiple users have access to CMS configuration are especially vulnerable, as is any deployment with overly permissive user roles.
• linux / server: Monitor Xibo CMS logs for unusual Twig filter usage or attempts to execute arbitrary code. If the CMS runs under a systemd unit, follow its log in real time with journalctl (the unit name below is an assumption; container-based installs use docker logs on the CMS container instead):
journalctl -f -u xibo-cms
• php: Check for unauthorized modifications to module templates within the Xibo CMS installation directory. The path below is an assumption; adjust it to your install, and note that templates edited through the CMS UI may be stored in the database rather than as files, so also review the CMS audit log for changes to modules and templates:
find /var/www/xibo/ -name '*.twig' -mtime -7
• generic web: Examine access logs for requests containing suspicious Twig filter parameters. Use grep with extended regular expressions (without -E the | is matched literally and the search finds nothing useful). Access logs hold only the request line and query string, so template content submitted in a POST body will not appear there; a WAF or mod_security audit log that captures request bodies is needed for that:
grep -iE 'twig|filter' /var/log/apache2/access.log
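The detection steps above, and the filter-manipulation mechanism described earlier, can be turned into a small scanner that does more than a keyword grep: it looks for Twig filters that are given a quoted PHP function name as their callback (for example `|map('system')`), which is the usual way a Twig template is coerced into calling arbitrary server-side functions, and applies that check both to template text and to URL-decoded access-log request lines. This is an added example, not code from the Xibo project or from the advisory; the specific filters it watches (map, filter, reduce, sort, each), the list of dangerous PHP functions, and the sample template and log lines are all constructed assumptions, since the page only states that Twig filters are manipulated.

```python
"""Detect Twig filters whose callback argument names a dangerous PHP function.

Added example for CVE-2025-62369 triage; not Xibo project code.  The filter
names, the PHP function list and all sample data below are assumptions.
"""
import re
from urllib.parse import unquote_plus

# PHP functions that run commands, evaluate code or touch the filesystem.
# Assumption: a typical SSTI watch list, not taken from the advisory.
DANGEROUS_PHP_FUNCTIONS = {
    "system", "exec", "passthru", "shell_exec", "popen", "proc_open",
    "pcntl_exec", "eval", "assert", "file_put_contents", "file_get_contents",
    "unlink",
}

# Twig filters that accept a callable argument (assumption: generic Twig pattern).
CALLABLE_FILTERS = ("map", "filter", "reduce", "sort", "each")

# Matches  |map('system')   |filter("exec")   | sort ( 'passthru' )
_FILTER_RE = re.compile(
    r"\|\s*(?P<filter>" + "|".join(CALLABLE_FILTERS) + r")"
    r"\s*\(\s*['\"](?P<callback>[A-Za-z_][A-Za-z0-9_]*)['\"]",
    re.IGNORECASE,
)


def find_callable_filters(text):
    """Return (filter, callback) pairs where the callback is a dangerous PHP
    function name.  Callbacks that are Twig arrow functions or non-dangerous
    names are ignored, which keeps false positives down compared with grep."""
    hits = []
    for m in _FILTER_RE.finditer(text):
        callback = m.group("callback").lower()
        if callback in DANGEROUS_PHP_FUNCTIONS:
            hits.append((m.group("filter").lower(), callback))
    return hits


def scan_access_log(lines):
    """Return (line_number, filter, callback) for each access-log line whose
    URL-decoded request line carries a dangerous callable filter.  Only the
    request line is available here; POST bodies never reach the access log."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for flt, callback in find_callable_filters(unquote_plus(line)):
            findings.append((number, flt, callback))
    return findings


# Constructed sample template: one benign filter, two malicious callbacks.
SAMPLE_TEMPLATE = """
<div class="clock">{{ properties.text|upper }}</div>
{{ ['id']|map('system') }}
{{ data|filter("shell_exec") }}
"""

# Constructed sample access-log lines (Apache combined format, trimmed).
# Line 2 carries {{['id']|map('system')}} URL-encoded in the query string;
# line 3 merely mentions the words "twig" and "filter" and is benign.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [04/Nov/2025:10:01:02 +0000] "GET /api/display?x=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [04/Nov/2025:10:02:17 +0000] "GET /developer/template?twig='
    '%7B%7B%5B%27id%27%5D%7Cmap%28%27system%27%29%7D%7D HTTP/1.1" 200 88',
    '10.0.0.9 - - [04/Nov/2025:10:02:20 +0000] "GET /search?q=twig+filter+help HTTP/1.1" 200 2048',
]


if __name__ == "__main__":
    for flt, cb in find_callable_filters(SAMPLE_TEMPLATE):
        print(f"template: |{flt}('{cb}') calls PHP function {cb}")
    for number, flt, cb in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"access log line {number}: |{flt}('{cb}')")
```

Run it against real data by reading your template files and access log into the two functions; the benign third log line shows why the bare `grep -iE 'twig|filter'` above needs a second pass such as this before anyone is paged.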
Exploitation status
EPSS: 0.55% (68th percentile)
The primary mitigation is to upgrade Xibo CMS to version 4.3.1 or later, which contains the fix. If upgrading immediately is not possible, apply the fix commits for the 4.1 and 4.2 branches that are listed in the CVE references as a temporary workaround; these commits address the underlying issue. Review user roles so that only personnel who genuinely need to develop modules hold the "System -> Add/Edit custom modules and templates" permission: because the attacker must already hold this permission, restricting it is the control that actually removes the attack surface. A Web Application Firewall with rules for suspicious Twig filter usage can add a detection layer, but it should not be relied on as the sole mitigation, since the malicious template is submitted by an authenticated, privileged user through normal CMS functionality.
CVE-2025-62369 is a Remote Code Execution vulnerability in Xibo CMS versions 4.3.0 and below. It allows authenticated users with specific permissions to execute arbitrary code on the server.
You are affected if you are running Xibo CMS versions 4.3.0 or earlier and have users with "System -> Add/Edit custom modules and templates" permissions.
Upgrade Xibo CMS to version 4.3.1 or later. As a temporary workaround, apply the fix commits for the 4.1 and 4.2 branches listed in the CVE references.
There is no confirmed active exploitation of CVE-2025-62369 at this time, but it is a HIGH severity vulnerability and should be addressed promptly.
Refer to the official Xibo CMS security advisory for detailed information and updates: [https://xibo.org/security/advisories](https://xibo.org/security/advisories)