CVE-2025-67891 | pkp pkp-lib up to 3.4.0-10/3.5.0-3 compileLess baseUrl code injection

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability has been found in pkp pkp-lib up to 3.4.0-10/3.5.0-3 and classified as critical. This issue affects the function PKPTemplateManager::compileLess. This manipulation of the argument baseUrl causes code injection.

This vulnerability is handled as CVE-2025-67891. The attack can be initiated remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2025-67891 | pkp pkp-lib up to 3.4.0-10/3.5.0-3 compileLess baseUrl code injection

Post correlati

CVE-2025-4798 | Lester Chan WP-DownloadManager Plugin up to 1.68.10 on WordPress wp-config.php denial of service

CVE-2024-7154 | TOTOLINK A3700R 9.1.2u.5822_B20200513 Password Reset /wizard.html access control

CVE-2025-10108 | Campcodes Online Loan Management System 1.0 ajax.php?action=delete_loan ID sql injection

CVE-2024-7894 | If Menu Plugin up to 0.19.1 on WordPress License Key authorization