CVE-2025-47916
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 14, 2025
- Published Date
- May 16, 2025
- Last Updated
- May 17, 2025
- Vendor
- invisioncommunity
- Product
- Invision Power Board
- Description
- Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
- Tags
- Score
- 73.60% (Percentile: 98.73%) as of 2025-06-14
- Exploitation
- poc
- Automatable
- Yes
- Technical Impact
- total
nuclei_scanner
metasploit_scanner
php
CVSS Scores
CVSS v3.1
10.0 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
SSVC Information
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-05-19 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/invision_customcss_rce.rb | 2025-06-09 13:48:36 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-47916.yaml | 2025-05-26 13:30:27 UTC |
Timeline
-
CVE ID Reserved
-
Proof of Concept Exploit Available
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nuclei
-
Detected by Metasploit