CVE-2025-65271HIGH 8.8EPSS p27.6%

CVE-2025-65271CVE-2025-65271

Description

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.36% probability of exploitation · percentile 27.6% · 2026-06-19T12:03:05Z
Published2025-12-08
Last modified2025-12-12

Underlying weaknesses· 1

CWE-94

References

  1. https://github.com/1337Skid/CVE-2025-65271
  2. https://github.com/Azuriom/Azuriom
  3. https://github.com/Azuriom/Azuriom/commit/0289175547319add814dcb526e8ba034f1ebc3ec
  4. https://www.github.com/Azuriom/Azuriom
  5. https://www.github.com/Azuriom/Azuriom/commit/0289175547319add814dcb526e8ba034f1ebc3ec
  6. https://github.com/1337Skid/CVE-2025-65271

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-57130
CVE
CVE-2025-23530
CVE
CVE-2025-65602
CVE
CVE-2025-65840
CVE
CVE-2025-54815
CVE
CVE-2025-22957
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.