CVE-2025-34113: CWE-306 Missing Authentication for Critical Function in Tiki Software Community Association Wiki CMS Groupware
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user.
AI Analysis
Technical Summary
CVE-2025-34113 is an authenticated command injection vulnerability identified in the Tiki Wiki CMS Groupware, specifically affecting versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14. The vulnerability exists in the 'tiki-calendar.php' script, where the 'viewmode' GET parameter is improperly handled when the calendar module is enabled. An attacker who is authenticated and has permission to access the calendar module can craft a specially designed request that injects arbitrary PHP code via the 'viewmode' parameter. This code executes with the privileges of the web server user, potentially allowing full remote code execution (RCE). The root cause is a missing or insufficient authentication check (CWE-306) combined with improper input validation (CWE-20) and command injection (CWE-78). The vulnerability does not require user interaction beyond authentication and can be exploited remotely over the network. The CVSS 4.0 base score is 8.7, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no need for user interaction. No public patches or exploits are currently documented, but the risk is significant given the potential for full system compromise. The vulnerability affects all listed versions of Tiki Wiki CMS Groupware, a widely used open-source collaborative platform for content management and groupware functions.
Potential Impact
For European organizations, this vulnerability poses a serious risk to any systems running vulnerable versions of Tiki Wiki CMS Groupware, especially those using the calendar module. Successful exploitation can lead to remote code execution, allowing attackers to execute arbitrary commands, access sensitive data, modify or delete content, and potentially pivot within the network. This threatens confidentiality, integrity, and availability of organizational data and services. Given Tiki Wiki CMS's use in collaborative environments, the compromise could disrupt business operations, leak intellectual property, or facilitate further attacks such as ransomware deployment. Public sector, education, and enterprises relying on open-source CMS solutions are particularly vulnerable. The lack of known exploits in the wild currently provides a window for proactive mitigation, but the high severity score indicates urgent attention is required to prevent exploitation. The vulnerability's requirement for authenticated access limits exposure but does not eliminate risk, as attackers may leverage stolen credentials or exploit weak authentication mechanisms.
Mitigation Recommendations
1. Immediately review and restrict access permissions to the calendar module within Tiki Wiki CMS to only trusted users.
2. Monitor authentication logs for suspicious login activity that could indicate credential compromise.
3. Implement strict input validation and sanitization on the 'viewmode' parameter if custom patches or workarounds are applied.
4. Deploy Web Application Firewalls (WAFs) with rules to detect and block command injection patterns targeting the calendar module.
5. Maintain up-to-date backups of CMS data and configurations to enable recovery in case of compromise.
6. Engage with Tiki Software Community Association for official patches or updates addressing this vulnerability and apply them promptly once available.
7. Conduct security audits and penetration tests focusing on authentication mechanisms and input handling in the CMS.
8. Educate users on secure credential management to reduce risk of unauthorized access.
9. Consider isolating the CMS environment or running it with minimal privileges to limit impact of potential exploitation.
10. Monitor threat intelligence feeds for emerging exploit attempts targeting this CVE.
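Recommendations 3 and 4 above both come down to the same check: a legitimate calendar view mode is a short, fixed keyword, so anything else in `viewmode` is worth rejecting at the application and flagging in the access log. The script below is an added illustration and not code from Tiki or from this advisory; it applies an allow-list check to the `viewmode` value and runs it over a few constructed access-log lines in combined format. The allow-listed view-mode names, the log lines, and the user and IP values are assumptions made for the example, not values taken from the Tiki source.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed allow-list of legitimate calendar view modes (an assumption for this
# example, not taken from the Tiki source). Anything outside it is flagged.
ALLOWED_VIEWMODES = {"day", "week", "month", "quarter", "semester", "year"}

# A well-formed view mode is a short run of lowercase letters and nothing else.
WELL_FORMED = re.compile(r"^[a-z]{1,16}$")

# Apache/nginx "combined" access-log line: ip ident user [ts] "METHOD target proto" status ...
ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def viewmode_is_valid(value):
    """Allow-list check: True only for a well-formed, known view mode."""
    return bool(WELL_FORMED.match(value)) and value in ALLOWED_VIEWMODES


def inspect_request(target):
    """Return the offending decoded viewmode values in a request target,
    or [] when the request is not for tiki-calendar.php or every value is valid."""
    parts = urlsplit(target)
    if not parts.path.endswith("/tiki-calendar.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    offending = []
    for raw in query.get("viewmode", []):
        # parse_qs already decodes one layer of percent-encoding; decoding once
        # more means a double-encoded value is judged on its final form.
        value = unquote(raw)
        if not viewmode_is_valid(value):
            offending.append(value)
    return offending


def scan_access_log(lines):
    """Return (remote_user, ip, offending_values) for each suspicious calendar request."""
    findings = []
    for line in lines:
        match = ACCESS_LINE.match(line)
        if not match:
            continue
        offending = inspect_request(match.group("target"))
        if offending:
            findings.append((match.group("user"), match.group("ip"), offending))
    return findings


# Constructed sample log lines; users, addresses and timestamps are made up.
SAMPLE_LOG = [
    '203.0.113.7 - alice [15/Jul/2025:13:16:21 +0000] "GET /tiki-calendar.php?viewmode=month HTTP/1.1" 200 5123',
    '203.0.113.7 - alice [15/Jul/2025:13:17:02 +0000] "GET /tiki-calendar.php?viewmode=week&calIds[]=1 HTTP/1.1" 200 4711',
    '198.51.100.9 - bob [15/Jul/2025:13:18:45 +0000] "GET /tiki-calendar.php?viewmode=Month%20x HTTP/1.1" 200 5123',
    '198.51.100.9 - bob [15/Jul/2025:13:19:10 +0000] "GET /tiki-index.php?page=HomePage HTTP/1.1" 200 8800',
]

if __name__ == "__main__":
    for user, ip, values in scan_access_log(SAMPLE_LOG):
        print(f"user={user} ip={ip} unexpected viewmode values={values}")
```

The same `viewmode_is_valid` predicate is the shape of check to apply server-side before the parameter is used at all: reject on anything not in the allow-list rather than trying to strip dangerous characters, since an allow-list does not depend on anticipating every encoding an attacker might use. Because the vulnerability requires an authenticated user, the `remote_user` field from the log (or the CMS's own session log) is the value to pivot on when triaging a hit.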
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.560Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 687654a5a83201eaaccea53c
Added to database: 7/15/2025, 1:16:21 PM
Last enriched: 11/28/2025, 10:30:27 PM
Last updated: 12/3/2025, 1:49:42 AM