Vulnerability Database

315,294

Total vulnerabilities in the database

CVE-2025-64050

A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages using the compromised template.

Published: Nov 25, 2025
Updated: Dec 4, 2025
CVE: CVE-2025-64050
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
redaxo / redaxo	5.20.0	5.20.0.x

https://drive.google.com/drive/folders/1Via4r4wn5zCcBllWmHpxYweCPgcbN0bz?usp=sharing
https://github.com/redaxo/redaxo
https://github.com/vettrivel007/CVE-Disclosures/blob/main/CVE-2025-64050.md

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo