Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Saisies pour formulaire by SPIP
CVE-2025-71243 (GCVE-0-2025-71243)
Vulnerability from nvd – Published: 2026-02-19 14:58 – Updated: 2026-03-05 01:29
VLAI
EPSS
VEX
Title
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
Summary
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blog.spip.net/Mise-a-jour-critique-de-sec… | vendor-advisorypatch |
| https://plugins.spip.net/saisies | product |
| https://www.vulncheck.com/advisories/spip-saisies… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SPIP | Saisies pour formulaire |
Affected:
5.4.0 , < 5.11.1
(semver)
|
Date Public
2025-02-12 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T20:14:37.547742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T20:15:39.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Saisies pour formulaire",
"vendor": "SPIP",
"versions": [
{
"lessThan": "5.11.1",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:spip:saisies_pour_formulaire:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.1",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OpenStudio"
}
],
"datePublic": "2025-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The \u0027Saisies pour formulaire\u0027 (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:58.933Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-pour-le-plugin-Saisies.html"
},
{
"tags": [
"product"
],
"url": "https://plugins.spip.net/saisies"
},
{
"name": "VulnCheck Advisory: SPIP Saisies Plugin \u003c 5.11.1 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/spip-saisies-plugin-remote-code-execution"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SPIP Saisies Plugin \u003c 5.11.1 Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71243",
"datePublished": "2026-02-19T14:58:15.425Z",
"dateReserved": "2026-02-19T03:00:22.782Z",
"dateUpdated": "2026-03-05T01:29:58.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71243 (GCVE-0-2025-71243)
Vulnerability from cvelistv5 – Published: 2026-02-19 14:58 – Updated: 2026-03-05 01:29
VLAI
EPSS
VEX
Title
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
Summary
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blog.spip.net/Mise-a-jour-critique-de-sec… | vendor-advisorypatch |
| https://plugins.spip.net/saisies | product |
| https://www.vulncheck.com/advisories/spip-saisies… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SPIP | Saisies pour formulaire |
Affected:
5.4.0 , < 5.11.1
(semver)
|
Date Public
2025-02-12 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T20:14:37.547742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T20:15:39.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Saisies pour formulaire",
"vendor": "SPIP",
"versions": [
{
"lessThan": "5.11.1",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:spip:saisies_pour_formulaire:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.11.1",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "OpenStudio"
}
],
"datePublic": "2025-02-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The \u0027Saisies pour formulaire\u0027 (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:58.933Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-pour-le-plugin-Saisies.html"
},
{
"tags": [
"product"
],
"url": "https://plugins.spip.net/saisies"
},
{
"name": "VulnCheck Advisory: SPIP Saisies Plugin \u003c 5.11.1 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/spip-saisies-plugin-remote-code-execution"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SPIP Saisies Plugin \u003c 5.11.1 Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71243",
"datePublished": "2026-02-19T14:58:15.425Z",
"dateReserved": "2026-02-19T03:00:22.782Z",
"dateUpdated": "2026-03-05T01:29:58.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}