CVE-2025-67893 | pkp pkp-lib up to 3.4.0-9/3.5.0-1 compileLess addLessVariables code injection

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability was found in pkp pkp-lib up to 3.4.0-9/3.5.0-1 and classified as critical. Impacted is the function PKPTemplateManager::compileLess. Such manipulation of the argument addLessVariables leads to code injection.

This vulnerability is uniquely identified as CVE-2025-67893. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2025-67893 | pkp pkp-lib up to 3.4.0-9/3.5.0-1 compileLess addLessVariables code injection

Post correlati

CVE-2023-4221 | Chamilo LMS up to 1.11.24 openoffice_presentation.class.php os command injection

CVE-2024-24779 | Apache Superset up to 3.0.3/3.1.0 authorization

CVE-2024-43938 | Jeroen Peters Name Directory Plugin up to 1.29.0 on WordPress cross site scripting

CVE-2023-44301 | Dell PowerProtect Data Manager DM5500 Appliance up to 5.14 cross site scripting (dsa-2023-425)