Description

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.

PUBLISHED Reserved 2026-02-19 | Published 2026-02-19 | Updated 2026-02-19 | Assigner VulnCheck




CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

Improper Control of Generation of Code ('Code Injection')

Product status

Default status: unaffected

5.4.0 (semver) before 5.11.1: affected

Credits

OpenStudio (finder)

References

blog.spip.net/...que-de-securite-pour-le-plugin-Saisies.html (vendor-advisory, patch)

plugins.spip.net/saisies (product)

www.vulncheck.com/...ip-saisies-plugin-remote-code-execution (VulnCheck Advisory: SPIP Saisies Plugin < 5.11.1 Remote Code Execution) (third-party-advisory)

cve.org (CVE-2025-71243)

nvd.nist.gov (CVE-2025-71243)