---------------------------------------------------------------------------
Invision Community <= 5.0.6 (customCss) Remote Code Execution Vulnerability
---------------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

All versions from 5.0.0 to 5.0.6.

[-] Vulnerability Description:

The vulnerability is located in the
/applications/core/modules/front/system/themeeditor.php script,
specifically in the
IPS\core\modules\front\system\themeeditor::customCss() method. This
protected method can be invoked by unauthenticated users and passes the
value of the "content" request parameter to the
Theme::makeProcessFunction() method. As a result, the input is processed
by the template engine. This behavior can be exploited by
unauthenticated attackers to inject and execute arbitrary PHP code by
supplying crafted template strings.

[-] Proof of Concept:

https://karmainsecurity.com/pocs/CVE-2025-47916.php

[-] Solution:

Upgrade to version 5.0.7 or later.

[-] Disclosure Timeline:

[10/05/2025] - Vendor notified
[12/05/2025] - Version 5.0.7 released
[12/05/2025] - CVE identifier requested
[14/05/2025] - CVE identifier assigned
[14/05/2025] - Public disclosure

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2025-47916 to this vulnerability.

[-] Credits:

Vulnerability discovered by Egidio Romano.

[-] Other References:

https://invisioncommunity.com/release-notes-v5/507-r41/

[-] Original Advisory:

http://karmainsecurity.com/KIS-2025-02
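
A defender-side check for the exposure described above, as an added example that is not part of the original advisory: it scans web access logs for requests whose target names both themeeditor and customCss, the controller and method the advisory identifies. The Combined Log Format, the query-string layout in the sample lines and the function names are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format (assumed): client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Names taken from the advisory: the controller script and the method.
TOKENS = ("themeeditor", "customcss")


def decode_target(target, rounds=3):
    """Percent-decode repeatedly so double-encoded targets still match."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()


def find_customcss_requests(lines):
    """Return {client: [(time, method, status), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        target = decode_target(m["target"])
        if all(tok in target for tok in TOKENS):
            hits[m["client"]].append((m["time"], m["method"], int(m["status"])))
    return dict(hits)


# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/May/2025:10:02:11 +0000] "POST /index.php?controller=themeeditor&do=customCss HTTP/1.1" 200 512 "-" "curl/8.5"',
    '198.51.100.7 - - [15/May/2025:10:02:15 +0000] "POST /index.php?controller=theme%65ditor&do=custom%43ss HTTP/1.1" 200 498 "-" "curl/8.5"',
    '203.0.113.20 - - [15/May/2025:10:03:40 +0000] "GET /index.php?controller=login HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [15/May/2025:10:04:02 +0000] "GET /forums/topic/12-themeeditor-question/ HTTP/1.1" 200 20411 "-" "Mozilla/5.0"',
    'malformed line that the parser should ignore',
]

if __name__ == "__main__":
    for client, events in find_customcss_requests(SAMPLE_LOG).items():
        for when, method, status in events:
            print(f"{client} {when} {method} status={status}")
```

Access logs normally do not record the "content" parameter when it is sent in a request body, so a hit shows only that the method was requested and should be correlated with the installed version (5.0.0 to 5.0.6 are affected) and with application or PHP error logs.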