CVE-2025-53833: LaRecipe Server-Side Template Injection Vulnerability
Description
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access, depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later, which contains the patch.
INFO
Published Date: July 14, 2025, 11:15 p.m.
Last Modified: July 15, 2025, 1:14 p.m.
Source: [email protected]
Remotely Exploitable: Yes
Impact Score: 6.0
Exploitability Score: 3.9
Public PoC/Exploit Available at GitHub
CVE-2025-53833 has 1 public PoC/Exploit available at GitHub.
Affected Products
The following products are affected by the CVE-2025-53833 vulnerability. Even where cvefeed.io is aware of the exact affected versions of the products, that information is not represented in the table below.
No affected product recorded yet.
References to Advisories, Solutions, and Tools
Here you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-53833.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by the most recently updated).
The following list contains news articles that mention the CVE-2025-53833 vulnerability anywhere in the article.
- Daily CyberSecurity: CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps
  A newly discovered Server-Side Template Injection (SSTI) vulnerability in the widely-used LaRecipe documentation tool has been assigned CVE-2025-53833 and scored a perfect 10.0 CVSS, indicating critic ...
- Daily CyberSecurity: HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts
  Researchers from Unit 42 at Palo Alto Networks have uncovered a novel backdoor—HazyBeacon—used by a threat cluster identified as CL-STA-1020. The campaign, which began in late 2024, has targeted gover ...
- Daily CyberSecurity: CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform
  A critical vulnerability has been disclosed in Immich, a rapidly growing open-source project for self-hosted photo and video management, with over 70,000 stars on GitHub. Tracked as CVE-2025-43856 and ...
- Daily CyberSecurity: Critical Apache Jackrabbit Flaw (CVE-2025-53689): XXE Attacks Allow Data Exfiltration & DoS
  A critical XML External Entity (XXE) vulnerability has been identified in multiple versions of Apache Jackrabbit, a popular open-source implementation of the Java Content Repository (JCR) specificatio ...
- Daily CyberSecurity: MoonPay CEO Falls Victim to Crypto Scam: Imposter Steve Witkoff Dupes Executive for $250K
  The cryptocurrency industry is no stranger to scams, yet it’s rare to see senior executives of crypto wallet firms fall victim to such schemes. That changed recently when Ivan Soto-Wright, CEO of the ...
The following table lists the changes that have been made to the CVE-2025-53833 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- New CVE Received by [email protected]
  Jul. 14, 2025

  Action | Type | Old Value | New Value
  Added | Description | | LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.
  Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  Added | CWE | | CWE-1336
  Added | Reference | | https://github.com/saleem-hadad/larecipe/commit/c1d0d56889655ce5f2645db5acf0e78d5fc3b36b
  Added | Reference | | https://github.com/saleem-hadad/larecipe/pull/390
  Added | Reference | | https://github.com/saleem-hadad/larecipe/security/advisories/GHSA-jv7x-xhv2-p5v2
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-53833 is associated with the following CWEs:
- CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-53833 weaknesses.