SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution caused by an unspecified flaw, letting attackers execute arbitrary code on the server, exploit requires no special conditions. [已公开] id: CVE-2025-71243 info: name: SPIP Saisies - Remote Code Execution author: omarkurt severity: critical description: | SPIP Saisies plugin 5.4.0 through 5.11.0 contains a remote code execution caused by an unspecified flaw, letting attackers execute arbitrary code on the server, exploit requires no special conditions. remediation: | Update to version 5.11.1 or later. impact: Attackers can execute arbitrary code on the server, potentially leading to full system compromise. reference: - https://vulnerability.circl.lu/vuln/cve-2025-71243 - https://chocapikk.com/posts/2026/spip-saisies-rce/ - https://github.com/Chocapikk/CVE-2025-71243 - https://vulnerabletarget.com/VT-2025-71243 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2025-71243 epss-score: 0.80875 epss-percentile: 0.99136 cwe-id: CWE-94 metadata: verified: true max-request: 3 vendor: spip product: saisies shodan-query: 'http.html:"SPIP"' fofa-query: 'app="SPIP"' tags:

SPIP Saisies

POC: 已公开