CVE-2025-53833

CRITICAL EXPLOITED NUCLEI LAB

LaRecipe <2.8.1 - SSRF/RCE

Title source: llm

Description

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.

Exploits (2)

github WORKING POC

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-53833

View Code ZIP pw:eip

nomisec WRITEUP

by iQingshan · poc

https://github.com/iQingshan/Blackash-CVE-2025-53833

View Code ZIP pw:eip

Nuclei Templates (1)

LaRecipe < 2.8.1 Remote Code Execution via SSTI

CRITICALVERIFIEDby iamnoooob,pdresearch

FOFA: body="/binarytorch/larecipe/"

References (3)

[Patch] https://github.com/saleem-hadad/larecipe/commit/c1d0d56889655ce5f2645db5acf0e78d5fc3b36b

[Issue Tracking] https://github.com/saleem-hadad/larecipe/pull/390

[Vendor Advisory] https://github.com/saleem-hadad/larecipe/security/advisories/GHSA-jv7x-xhv2-p5v2

Related Analysis

CVEForge PoC Generation

Zero to RCE

Five CVEs Case Study

Scores

CVSS v3 10.0

EPSS 0.1676

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Lab Environment

EIP LAB

Lab screenshot

patched docker pull ghcr.io/exploitintel/cve-2025-53833-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-53833-vulnerable:latest

View in Library GitHub

Details

VulnCheck KEV 2025-08-07

CWE

CWE-1336

Status published

Products (2)

binarytorch/larecipe 0 - 2.8.1Packagist

saleem-hadad/larecipe < 2.8.1

Published Jul 14, 2025

Tracked Since Feb 18, 2026