{"id":"CVE-2025-62369","summary":"Xibo CMS: Remote Code Execution through module templates","details":"Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with \"System -\u003e Add/Edit custom modules and templates\" permissions to manipulate Twig filters and execute arbitrary server-side functions as the web server user. This issue is fixed in version 4.3.1. To work around this issue, apply the 4.1 and 4.2 patch commits.","aliases":["GHSA-7rmm-689c-gjgv"],"modified":"2026-04-02T12:57:45.225102Z","published":"2025-11-04T21:18:38.880Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62369.json","cwe_ids":["CWE-1336","CWE-94"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/xibosignage/xibo-cms/releases/tag/4.3.1"},{"type":"WEB","url":"https://patch-diff.githubusercontent.com/raw/xibosignage/xibo-cms/pull/3128.patch"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62369.json"},{"type":"ADVISORY","url":"https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-7rmm-689c-gjgv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62369"},{"type":"FIX","url":"https://github.com/xibosignage/xibo-cms/commit/0f4e88396111ea027785a48dd8f5eeb14536bd71"},{"type":"FIX","url":"https://github.com/xibosignage/xibo-cms/commit/ecd4f9d2cea739a46756a108a839cac80f65cf10"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xibosignage/xibo-cms","events":[{"introduced":"a66c89cc0104bf516cd9b53654489b665e6b26ab"},{"fixed":"1bc15f8d3a8d88e52898fdf3b6ddcddcd7b65423"}]}],"versions":["4.1.0","4.1.1","4.1.2","4.2.0","4.2.1","4.2.2","4.2.3","4.3.0"],"database_specific":{"source":"https://storage.googleapis.com/c
ve-osv-conversion/osv-output/CVE-2025-62369.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}