CVE-2025-47916CRITICAL 9.8EPSS p99.5%

CVE-2025-47916CVE-2025-47916

Description

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS78.23% probability of exploitation · percentile 99.5% · 2026-06-17T12:03:21Z
Published2025-05-16
Last modified2025-06-20

Underlying weaknesses· 2

CWE-1336CWE-94

References

  1. https://invisioncommunity.com/release-notes-v5/507-r41/
  2. https://karmainsecurity.com/KIS-2025-02
  3. http://seclists.org/fulldisclosure/2025/May/4
  4. https://karmainsecurity.com/KIS-2025-02

2

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements Used in a Template Enginecwe-13360%live
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-6990
CVE
CVE-2025-54815
CVE
CVE-2025-48828
CVE
CVE-2025-69397
CVE
CVE-2025-12637
CVE
CVE-2025-65602
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.