CVE 9.3 CRITICAL

SPIP Saisies Plugin < 5.11.1 Remote Code Execution_CVE-2025-71243

February 19, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.

AI Analysis

Remote Code Execution (RCE) vulnerability in the Saisies plugin for SPIP

Basic Information

ID CVE-2025-71243

Source VulnCheck

Published Feb 19, 2026 at 14:58

Affected Product

Vendor SPIP

Product Saisies pour formulaire

Version 5.4.0

Affected Versions SPIP Saisies pour formulaire 5.4.0

CWE Classification

CWE-94

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SPIP

Product Saisies pour formulaire

Version 5.4.0-5.11.0

References

{
    "lastseen": "",
    "description": "The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.",
    "published": "2026-02-19T14:58:15.425Z",
    "modified": "2026-02-19T14:58:15.425Z",
    "type": "cve",
    "title": "SPIP Saisies Plugin < 5.11.1 Remote Code Execution",
    "source": "VulnCheck",
    "references": "https://blog.spip.net/Mise-a-jour-critique-de-securite-pour-le-plugin-Saisies.html\nhttps://plugins.spip.net/saisies\nhttps://www.vulncheck.com/advisories/spip-saisies-plugin-remote-code-execution",
    "id": "CVE-2025-71243",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "SPIP Saisies pour formulaire 5.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Saisies pour formulaire",
    "version": "5.4.0",
    "vendor": "SPIP",
    "ai_description": "Remote Code Execution (RCE) vulnerability in the Saisies plugin for SPIP",
    "ai_severity": "Critical",
    "ai_vendor": "SPIP",
    "ai_product": "Saisies pour formulaire",
    "ai_version": "5.4.0-5.11.0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply