CVE 8.8 HIGH

CVE-2025-65271_CVE-2025-65271

December 11, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.

AI Analysis

Client-side template injection vulnerability in Azuriom CMS allowing privilege escalation

Basic Information

ID CVE-2025-65271

Source mitre

Published Dec 8, 2025 at 00:00

Modified Dec 11, 2025 at 14:37

Affected Product

Vendor Azuriom

Product Azuriom

Version < 1.2.7

Affected Versions n/a n/a n/a

CWE Classification

CWE-94

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Azuriom

Product Azuriom CMS

Version < 1.2.7

References

{
    "lastseen": "",
    "description": "Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.",
    "published": "2025-12-08T00:00:00.000Z",
    "modified": "2025-12-11T14:37:05.722Z",
    "type": "cve",
    "title": "CVE-2025-65271",
    "source": "mitre",
    "references": "https://github.com/Azuriom/Azuriom\nhttps://www.github.com/Azuriom/Azuriom\nhttps://github.com/Azuriom/Azuriom/commit/0289175547319add814dcb526e8ba034f1ebc3ec\nhttps://www.github.com/Azuriom/Azuriom/commit/0289175547319add814dcb526e8ba034f1ebc3ec\nhttps://github.com/1337Skid/CVE-2025-65271",
    "id": "CVE-2025-65271",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Azuriom",
    "version": "< 1.2.7",
    "vendor": "Azuriom",
    "ai_description": "Client-side template injection vulnerability in Azuriom CMS allowing privilege escalation",
    "ai_severity": "High",
    "ai_vendor": "Azuriom",
    "ai_product": "Azuriom CMS",
    "ai_version": "< 1.2.7",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply