Vulnerability Description
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invisioncommunity | Invisioncommunity | >= 5.0.0, < 5.0.7 |
Related Weaknesses (CWE)
References
- https://invisioncommunity.com/release-notes-v5/507-r41/Release Notes
- https://karmainsecurity.com/KIS-2025-02ExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2025/May/4Mailing ListThird Party Advisory
- https://karmainsecurity.com/KIS-2025-02ExploitThird Party Advisory
FAQ
What is CVE-2025-47916?
CVE-2025-47916 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/f...
How severe is CVE-2025-47916?
CVE-2025-47916 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-47916?
Check the references section above for vendor advisories and patch information. Affected products include: Invisioncommunity Invisioncommunity.