CVE-2025-62369

HIGH

Xibo 4.1.0-4.3.0 - Authenticated Remote Code Execution via CMS Developer Module Templating

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-62369. PoCs published by cristibtz.

AI-analyzed exploit summary This is a detailed technical writeup for CVE-2025-62369, describing a Server-Side Template Injection (SSTI) vulnerability in Xibo CMS versions >=4.1.0-alpha,<4.3.1. The vulnerability allows authenticated users with specific permissions to execute arbitrary server-side functions via Twig template manipulation.

Description

Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System -> Add/Edit custom modules and templates" permissions to manipulate Twig filters and execute arbitrary server-side functions as the web server user. This issue is fixed in version 4.3.1. To workaround this issue, use the 4.1 and 4.2 patch commits.

Exploits (2)

github WRITEUP 1 stars

by cristibtz · javapoc

https://github.com/cristibtz/Security-Research/tree/main/CVE-2025-62369

View Code ZIP pw:eip

This is a detailed technical writeup for CVE-2025-62369, describing a Server-Side Template Injection (SSTI) vulnerability in Xibo CMS versions >=4.1.0-alpha,<4.3.1. The vulnerability allows authenticated users with specific permissions to execute arbitrary server-side functions via Twig template manipulation.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Xibo CMS versions >=4.1.0-alpha,<4.3.1

Auth required

Prerequisites: Authenticated access with 'System -> Add/Edit custom modules and templates' permissions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC

by cristibtz · poc

https://github.com/cristibtz/CVE-2025-62369

View Code ZIP pw:eip

This PoC exploits an authenticated Server-Side Template Injection (SSTI) vulnerability in Xibo CMS to achieve Remote Code Execution (RCE) via a reverse shell. It leverages the Twig template engine to inject malicious payloads.