CVE-2025-32461

Summary

wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.

Affected Software

VendorProductVersion RangeStatus
TikiTiki0 < 21.12affected
TikiTiki22 < 24.8affected
TikiTiki25 < 27.2affected
TikiTiki28 < 28.3affected

Weaknesses

  • CWE-1336: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References