CVE-2025-14731

A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a template engine. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
ctcms_projectctcms
𝑥
≤ 2.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN
https://note-hxlab.wetolink.com/share/U6cnRoRfn09r
https://vuldb.com/?ctiid.336488
https://vuldb.com/?id.336488
https://vuldb.com/?submit.707106
https://vuldb.com/?submit.707107
https://note-hxlab.wetolink.com/share/Ros8ZIeCLQrN
https://note-hxlab.wetolink.com/share/U6cnRoRfn09r