CVE-2025-53833

CVSS v3: 10 (CRITICAL)

EPSS Score: 16.8% (exploit probability)

CISA KEV: No (known exploited)

Exploitation

SSVC status

Description

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to

Technical Details

CVSS v3 Vector: 3.1
Published: 7/14/2025
Last Modified: 4/15/2026

Frequently Asked Questions

What is CVE-2025-53833?

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to

Is CVE-2025-53833 actively exploited?

Active exploitation of CVE-2025-53833 has not been confirmed. The EPSS score is 16.8%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-53833?

CVE-2025-53833 has a CVSS v3 base score of 10 (CRITICAL severity), with vector string 3.1.
