[CVE-2025-32461] Tiki Wiki CMS Groupware <= 28.3 Two SSTI Vulnerabilities
Source: https://karmainsecurity.com/KIS-2025-03
AI Analysis
Technical Summary
CVE-2025-32461 identifies two Server-Side Template Injection (SSTI) vulnerabilities in Tiki Wiki CMS Groupware versions up to and including 28.3. SSTI vulnerabilities occur when user input is improperly sanitized and subsequently evaluated or rendered by a server-side template engine. This can allow an attacker to inject malicious template code, which the server executes, potentially leading to remote code execution (RCE), data leakage, or unauthorized system access. Tiki Wiki CMS Groupware is an open-source content management and collaboration platform widely used for creating wikis, intranets, and groupware solutions. The presence of two distinct SSTI vulnerabilities suggests multiple template rendering components or endpoints are affected. Although no CVSS score or detailed technical exploit information is provided, the medium severity rating implies that exploitation may require some conditions such as specific user input vectors or partial authentication, but still poses a significant risk. No known exploits are currently reported in the wild, and patch information is not yet available, indicating that this is a recently disclosed vulnerability. The source of information is a Reddit NetSec post linking to karmainsecurity.com, a recognized security research outlet, lending credibility to the report. Given the nature of SSTI vulnerabilities, successful exploitation could allow attackers to execute arbitrary code on the server hosting the Tiki Wiki CMS, leading to full system compromise, data theft, or service disruption.
Potential Impact
For European organizations using Tiki Wiki CMS Groupware, this vulnerability could have serious consequences. Many public sector institutions, educational organizations, and enterprises in Europe rely on Tiki Wiki for internal knowledge management and collaboration. Exploitation of these SSTI vulnerabilities could lead to unauthorized access to sensitive information, including personal data protected under GDPR, intellectual property, and internal communications. This could result in data breaches, regulatory fines, reputational damage, and operational disruptions. Additionally, compromised servers could be leveraged as pivot points for lateral movement within networks, increasing the risk of broader cyberattacks. The medium severity rating suggests that while exploitation may not be trivial, the impact on confidentiality, integrity, and availability is significant enough to warrant urgent attention. The absence of known exploits in the wild provides a window for proactive mitigation before widespread attacks occur.
Mitigation Recommendations
European organizations should immediately audit their Tiki Wiki CMS Groupware installations to identify affected versions (<= 28.3). Until official patches are released, organizations should implement the following mitigations:
1) Restrict access to Tiki Wiki administration and template editing interfaces to trusted, authenticated users only, minimizing exposure to untrusted inputs.
2) Employ web application firewalls (WAFs) with custom rules to detect and block suspicious template injection patterns or unusual payloads targeting template rendering endpoints.
3) Conduct thorough input validation and sanitization on all user-supplied data that interacts with template engines, applying strict whitelisting where possible.
4) Monitor logs for anomalous template execution attempts or errors indicative of SSTI exploitation.
5) Plan for rapid deployment of official patches once available from Tiki Wiki maintainers.
6) Consider isolating Tiki Wiki servers within segmented network zones to limit potential lateral movement in case of compromise.
7) Educate administrators and developers on the risks of SSTI and secure coding practices related to template engines.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland
Technical Details
- Source Type: Subreddit
- Subreddit: netsec
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Domain: karmainsecurity.com
- Newsworthiness Assessment: {"score":45,"reasons":["external_link","newsworthy_keywords:cve-","security_identifier","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["cve-"],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 686cee5b6f40f0eb72f3c520
Added to database: 7/8/2025, 10:09:31 AM
Last enriched: 7/8/2025, 10:09:50 AM
Last updated: 7/8/2025, 10:09:50 AM
Views: 1
Related Threats
- CVE-2025-7173: SQL Injection in code-projects Library System (Medium)
- CVE-2025-7172: SQL Injection in code-projects Crime Reporting System (Medium)
- TAG-140 Targets Indian Government Via 'ClickFix-Style' Lure (High)
- Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage (High)
- New Bert Ransomware Group Strikes Globally with Multiple Variants (High)