Description
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version 2.8.1 or later, which contains the patch.
Exploits (2)
github
WORKING POC
by exploitintel · python · poc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-53833
Nuclei Templates (1)
LaRecipe < 2.8.1 Remote Code Execution via SSTI
CRITICAL · VERIFIED · by iamnoooob, pdresearch
FOFA:
body="/binarytorch/larecipe/"
Scores
CVSS v3
10.0
EPSS
0.2635
EPSS Percentile
96.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lab Environment
patched
vulnerable
docker pull ghcr.io/exploitintel/cve-2025-53833-vulnerable:latest
Exploitation Intel
VulnCheck KEV
2025-08-07
Classification
CWE
CWE-1336
Status
draft
Affected Products (1)
binarytorch/larecipe
< 2.8.1 (Packagist)
Timeline
Published
Jul 14, 2025
Tracked Since
Feb 18, 2026