CVE-2025-15148 identifies a code injection vulnerability in CmsEasy, a content management system, affecting all versions from 7.7.0 to 7.7.7. The vulnerability resides in the savetemp_action function located in the /lib/admin/template_admin.php file, which handles backend template management. Specifically, the flaw arises from improper sanitization or validation of the content/tempdata parameter, allowing an attacker to inject malicious code remotely. Exploitation does not require user interaction but does require the attacker to have high privileges (administrative level) on the system, which limits the attack surface. The vulnerability can lead to unauthorized code execution, potentially allowing attackers to manipulate site content, execute arbitrary commands, or compromise the server hosting CmsEasy. Despite the exploit being publicly available, no active exploitation has been reported. The vendor was contacted early but has not issued a patch or response, leaving users exposed. The CVSS v4.0 base score is 5.1 (medium severity), reflecting the moderate impact and the requirement for high privileges. The vulnerability affects the confidentiality, integrity, and availability of the system, with low complexity of attack but limited scope due to privilege requirements. No official patch links are available, so mitigations must be applied by administrators.

The vulnerability allows attackers with administrative privileges to inject arbitrary code remotely, which can lead to full system compromise, data theft, defacement, or service disruption. For organizations using CmsEasy in affected versions, this can result in loss of sensitive data, unauthorized access to backend systems, and potential lateral movement within the network. The absence of vendor response and patches increases the risk exposure. Attackers exploiting this flaw could manipulate website templates to embed malicious payloads, impacting website visitors and damaging organizational reputation. The medium severity score reflects that while exploitation requires high privileges, the potential damage to confidentiality, integrity, and availability is significant. Organizations relying on CmsEasy for critical web infrastructure or customer-facing portals are at higher risk, especially if administrative accounts are compromised or weakly protected.

Since no official patch is available, organizations should immediately restrict administrative access to CmsEasy backend interfaces using network segmentation, VPNs, or IP whitelisting. Implement strong authentication controls, including multi-factor authentication, to reduce the risk of privilege escalation or credential compromise. Regularly audit and monitor administrative account activities for suspicious behavior. Sanitize and validate all inputs at the application level where possible to reduce injection risks. Consider disabling or restricting the savetemp_action functionality if feasible. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the content/tempdata parameter. Maintain regular backups of website data and configurations to enable recovery in case of compromise. Monitor threat intelligence feeds for updates or vendor patches and apply them promptly once available.