{"id":"CVE-2025-54815","details":"Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.","modified":"2026-03-14T12:43:56.921755Z","published":"2025-09-19T20:15:39.710Z","references":[{"type":"ADVISORY","url":"https://github.com/yandaozi/PPress/releases/tag/v0.0.9-beta"},{"type":"EVIDENCE","url":"https://github.com/quarter77/PPress-CMS_vulnerability_chain_details/blob/main/CVE-2025-54815%20Details.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yandaozi/PPress","events":[{"introduced":"0"},{"last_affected":"afe3a7d71b76d2bda0fced5c9b26119a8e2c5427"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.0.9-beta"}]}},{"type":"GIT","repo":"https://github.com/yandaozi/ppress","events":[{"introduced":"0"},{"fixed":"afe3a7d71b76d2bda0fced5c9b26119a8e2c5427"}]}],"versions":["v0.0.9-beta"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54815.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}