CVE-2025-53833

CRITICAL EXPLOITED NUCLEI LAB

LaRecipe < 2.8.1 - Server-Side Template Injection

Title source: llm

Exploitation Summary

CVE-2025-53833 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including exploitintel, iQingshan. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2025-10622, demonstrating OS command injection in Foreman via the `ct_location` and `fcct_location` settings. The PoC scripts exploit the lack of server-side validation to execute arbitrary commands as the Foreman process user.

Description

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.

Exploits (2)

github WORKING POC

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-53833

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2025-10622, demonstrating OS command injection in Foreman via the `ct_location` and `fcct_location` settings. The PoC scripts exploit the lack of server-side validation to execute arbitrary commands as the Foreman process user.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Foreman (3.12.0 through 3.16.0)

Auth required

Prerequisites: authenticated access to Foreman with `edit_settings` permission · REST API or GraphQL access

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WRITEUP

by iQingshan · poc

https://github.com/iQingshan/Blackash-CVE-2025-53833

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-53833, a critical SSTI vulnerability in LaRecipe versions prior to 2.8.1, leading to unauthenticated RCE. It includes root cause analysis, impact assessment, and mitigation steps.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: LaRecipe < 2.8.1

No auth needed

Prerequisites: Access to a vulnerable LaRecipe instance

MITRE ATT&CK

T1221 - Template Injection

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

LaRecipe < 2.8.1 Remote Code Execution via SSTI

CRITICALVERIFIEDby iamnoooob,pdresearch

FOFA: body="/binarytorch/larecipe/"

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://github.com/saleem-hadad/larecipe/security/advisories/GHSA-jv7x-xhv2-p5v2

Issue Tracking x_refsource_misc

https://github.com/saleem-hadad/larecipe/pull/390

Patch x_refsource_misc

https://github.com/saleem-hadad/larecipe/commit/c1d0d56889655ce5f2645db5acf0e78d5fc3b36b

View Patch ZIP pw:eip

Related Analysis

CVEForge PoC Generation

Zero to RCE

Five CVEs Case Study

Scores

CVSS v3 10.0

EPSS 0.2082

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Lab Environment

EIP LAB

patched docker pull ghcr.io/exploitintel/cve-2025-53833-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-53833-vulnerable:latest

View in Library GitHub

Details

VulnCheck KEV 2025-08-07

CWE

CWE-1336

Status published

Products (2)

binarytorch/larecipe 0 - 2.8.1Packagist

saleem-hadad/larecipe < 2.8.1

Published Jul 14, 2025

Tracked Since Feb 18, 2026