CVE-2025-71243

CRITICAL

SPIP Saisies 5.4.0-5.11.0 - RCE

Title source: llm

Description

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.

Exploits (2)

nomisec WORKING POC 1 stars

by Chocapikk · poc

https://github.com/Chocapikk/CVE-2025-71243

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by OpenStudio · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/spip_saisies_rce.rb

View Code ZIP pw:eip

References (3)

[Various Sources] https://blog.spip.net/Mise-a-jour-critique-de-securite-pour-le-plugin-Saisies.html

[Various Sources] https://plugins.spip.net/saisies

[Third Party Advisory] https://www.vulncheck.com/advisories/spip-saisies-plugin-remote-code-execution

Scores

CVSS v3 9.8

EPSS 0.3715

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-94

Status published

Affected Products (1)

spip/saisies < 5.11.1

Timeline

Published Feb 19, 2026

Tracked Since Feb 19, 2026