Cyber Resilience

CVE-2025-53833

Critical

Published: 14 July 2025

Published
14 July 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.2082 95.7th percentile
Risk Priority 32 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53833 is a critical-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

LaRecipe is a documentation tool that renders Markdown content inside Laravel applications. Versions prior to 2.8.1 contain a Server-Side Template Injection vulnerability (CWE-1336) that can result in remote code execution when the application is deployed with certain template or configuration settings enabled. The flaw received a CVSS 3.1 score of 10.0, reflecting network-accessible, unauthenticated attack paths with high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can supply crafted Markdown input that is processed by the template engine, allowing execution of arbitrary commands on the underlying server, disclosure of environment variables, or further privilege escalation depending on the runtime configuration. Because the vector requires no user interaction or credentials, any publicly reachable LaRecipe instance prior to the fix is exposed.

The project’s GitHub security advisory and associated pull request direct users to upgrade immediately to version 2.8.1 or later, where the injection issue has been addressed through the commit that sanitizes template input. The referenced advisory (GHSA-jv7x-xhv2-p5v2) and patch commit provide the concrete remediation steps.

EPSS for the CVE reached a peak of 0.3215 on 2026-02-18 before receding to the current value of 0.2082, indicating a period of elevated exploitation interest after disclosure. No information on observed in-the-wild exploitation is supplied in the available references.

EU & UK References

Vulnerability details

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers…

more

could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

SSTI in public-facing Laravel web app directly enables unauthenticated RCE via command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-54954Shared CWE-1336
CVE-2026-41713Shared CWE-1336
CVE-2026-21449Shared CWE-1336
CVE-2024-57177Shared CWE-1336
CVE-2026-34906Shared CWE-1336
CVE-2025-1040Shared CWE-1336
CVE-2026-25526Shared CWE-1336
CVE-2026-21448Shared CWE-1336
CVE-2025-53909Shared CWE-1336
CVE-2026-34587Shared CWE-1336

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the SSTI vulnerability by requiring timely identification, reporting, and patching of the flaw in LaRecipe versions prior to 2.8.1.

prevent

Prevents SSTI exploitation by enforcing validation and sanitization of untrusted user-supplied Markdown inputs before template processing.

detect

Identifies the presence of the critical SSTI vulnerability through ongoing vulnerability scanning, enabling proactive remediation.

References