Vulnerability Database

296,108

Total vulnerabilities in the database

CVE-2025-52122

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
Composer icon solspace / craft-freeform 5.0.0 5.10.16