Description

Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System -> Add/Edit custom modules and templates" permissions to manipulate Twig filters and execute arbitrary server-side functions as the web server user. This issue is fixed in version 4.3.1. To work around this issue, use the 4.1 and 4.2 patch commits.

INFO

Published Date : 2025-11-04T21:18:38.880Z
Last Modified : 2025-11-05T14:29:33.887Z
Source : GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-62369 vulnerability.

Vendor: Xibosignage
Product: Xibo
