Fixed version
5.11.1
CVE-2025-71243 is a critical Remote Code Execution (RCE) vulnerability in the 'Saisies pour formulaire' (Saisies) plugin for SPIP. It allows an attacker to execute arbitrary code on the server, potentially leading to complete system compromise. Plugin versions 5.4.0 through 5.11.0 are affected; a fix is available in version 5.11.1.
Successful exploitation of CVE-2025-71243 allows an attacker to execute arbitrary code on the server hosting the SPIP instance. This could mean full control of the web server, exfiltration of sensitive data (user credentials, database contents, configuration files), installation of malware, or use of the compromised server as a launchpad for further attacks against internal networks. The vulnerability does not require authentication, which significantly expands the attack surface. It shares characteristics with other plugin-based RCE vulnerabilities in which improper input validation leads to code injection.
CVE-2025-71243 was publicly disclosed on 2026-02-19. The likelihood of exploitation is considered high because of its RCE nature and the number of SPIP instances running vulnerable versions. No public proof-of-concept (PoC) code has been released as of this writing, but the severity of the vulnerability suggests it is a likely target for exploitation. It has not been added to the CISA KEV catalog.
Organizations and individuals using SPIP CMS with the 'Saisies pour formulaire' plugin in versions 5.4.0 through 5.11.0 are at risk. This includes websites that use the plugin for form processing and data collection. Shared hosting environments in which multiple websites share the same server instance are particularly exposed, as a compromise of one site could lead to the compromise of others.
• wordpress / composer / npm:
  grep -r 'saisies_pour_formulaire' /var/www/html/
• generic web:
  curl -I https://your-spip-site.com/plugins/saisies_pour_formulaire/
• generic web:
  curl -I https://your-spip-site.com/plugins/saisies_pour_formulaire/index.php?action=plugin_versiondisclosure
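A defender-side check to go with the detection commands above, added here as an example that is not from this advisory or from the SPIP project: it walks a SPIP tree, reads the version of every installed Saisies plugin copy and flags those in the advisory's 5.4.0 through 5.11.0 range. It assumes (not stated on this page) that each SPIP plugin ships a paquet.xml whose root <paquet> element carries prefix and version attributes and that the Saisies plugin uses the prefix "saisies"; the install it scans by default is a constructed fixture.

```shell
#!/bin/sh
# Added example (not part of this advisory page or the SPIP project): scan a SPIP
# tree for copies of the Saisies plugin and flag versions in the advisory's
# vulnerable range, 5.4.0 through 5.11.0 (fixed in 5.11.1).
#
# ASSUMPTION: each installed SPIP plugin carries a paquet.xml whose <paquet ...>
# root element has prefix="..." and version="..." attributes, and the Saisies
# plugin uses the prefix "saisies". Adjust PLUGIN_PREFIX if your copy differs.
PLUGIN_PREFIX="saisies"

# saisies_vulnerable X.Y.Z -> exit 0 when X.Y.Z lies in [5.4.0, 5.11.0], else 1.
# Components are compared numerically, so 5.10.0 is seen as newer than 5.4.0
# (a plain string comparison would get that wrong).
saisies_vulnerable() {
    echo "$1" | awk -F. '{
        v  = $1 * 1000000 + $2 * 1000 + $3
        lo = 5 * 1000000 +  4 * 1000 + 0
        hi = 5 * 1000000 + 11 * 1000 + 0
        exit (v >= lo && v <= hi) ? 0 : 1
    }'
}

# paquet_attr FILE NAME -> value of attribute NAME on the <paquet> root element.
# The file is joined onto one line first because the attributes usually span
# several lines; matching only inside <paquet ...> keeps the version="1.0" of
# the XML declaration from being picked up by mistake.
paquet_attr() {
    tr '\n' ' ' < "$1" | grep -o '<paquet[^>]*>' | head -n1 \
        | grep -o "[[:space:]]$2=\"[^\"]*\"" | head -n1 | cut -d'"' -f2
}

# scan_spip_tree ROOT -> one line per Saisies copy found:
#   "VULNERABLE VERSION PATH" or "ok VERSION PATH"
scan_spip_tree() {
    find "$1" -name paquet.xml 2>/dev/null | while read -r f; do
        [ "$(paquet_attr "$f" prefix)" = "$PLUGIN_PREFIX" ] || continue
        v=$(paquet_attr "$f" version)
        if saisies_vulnerable "$v"; then
            printf 'VULNERABLE %s %s\n' "$v" "$f"
        else
            printf 'ok %s %s\n' "$v" "$f"
        fi
    done
}

# Constructed fixture (not a real install): two plugin copies under a
# plugins/auto/ layout, one inside the vulnerable range and one already fixed.
make_fixture() {
    d=$(mktemp -d)
    for ver in 5.10.0 5.11.1; do
        mkdir -p "$d/plugins/auto/saisies/v$ver"
        cat > "$d/plugins/auto/saisies/v$ver/paquet.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<paquet
    prefix="saisies"
    categorie="outil"
    version="$ver"
    etat="stable"
>
    <nom>Saisies pour formulaires</nom>
</paquet>
EOF
    done
    echo "$d"
}

# Scan the SPIP root given as the first argument, or the fixture if none is given.
scan_spip_tree "${1:-$(make_fixture)}"
```

Run it with the SPIP document root as the argument (for example /var/www/html) to scan a real install; with no argument it scans the built-in fixture and should report the 5.10.0 copy as VULNERABLE and the 5.11.1 copy as ok. Because the check reads the version the plugin declares about itself, a copy that was patched by hand without bumping the version would still be reported as vulnerable, which is the safer failure mode.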
Exploitation status
EPSS
80.88% (99th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-71243 is to upgrade the 'Saisies pour formulaire' plugin to version 5.11.1 or later immediately. If upgrading is not immediately feasible because of compatibility issues or testing requirements, consider temporary workarounds: restricting access to the plugin's functionality through a web application firewall (WAF) or proxy server, enforcing strict input validation rules that sanitize user-supplied data, and closely monitoring server logs for suspicious activity. After upgrading, verify the fix by exercising the previously vulnerable functionality and confirming that the input is now properly sanitized and does not result in code execution.
Update the 'Saisies pour formulaire' plugin to version 5.11.1 or later. This update fixes a remote code execution vulnerability. You can update the plugin through the SPIP administration panel.
CVE-2025-71243 is a critical Remote Code Execution vulnerability in the Saisies pour formulaire plugin for SPIP, allowing attackers to execute arbitrary code on the server.
You are affected if you are using SPIP with the Saisies pour formulaire plugin in versions 5.4.0 through 5.11.0. Upgrade to 5.11.1 or later to resolve the issue.
Upgrade the Saisies pour formulaire plugin to version 5.11.1 or later. Consider temporary WAF rules if immediate upgrade isn't possible.
While no public exploits are currently known, the vulnerability's severity suggests it is a potential target for exploitation.
Refer to the official SPIP security advisory for detailed information and updates regarding CVE-2025-71243.