Input Evaluation Flaw in Tiki Wiki Software
CVE-2025-32461

9.9 CRITICAL

Key Information:

Vendor: Tiki

CVE Published: 9 April 2025

What is CVE-2025-32461?

The 'wikiplugin_includetpl' component in Tiki Wiki Software versions prior to 28.3 contains an input evaluation flaw that lets adversaries manipulate the input passed to the 'eval' function. This can lead to unintended code execution, compromising the integrity of the application. Fixed versions include Tiki 21.12, 24.8, 27.2, and 28.3, which mitigate the risk by ensuring proper input handling.

Affected Version(s)

Tiki 0 < 21.12

Tiki 22 < 24.8

Tiki 25 < 27.2
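The ranges above can be checked against an inventory of installed versions. The following is an added example, not code from Tiki or from this advisory: the function names, hostnames and sample versions are constructed, and the 28.x row and the use of each range's upper bound as the upgrade target are assumptions drawn from the description ("prior to 28.3", "fixed versions include ..."). It compares versions numerically, since a string comparison would wrongly rank 21.9 above 21.12.

```python
import re

# (lowest major in range, fixed major, fixed minor), from the advisory text.
# The 28.x row is taken from the description ("prior to 28.3"); the
# affected-version list on the page shows only the first three rows.
FIXED = [(0, 21, 12), (22, 24, 8), (25, 27, 2), (28, 28, 3)]


def parse_version(text):
    """Return (major, minor) from strings like '24.7', 'Tiki 27.1', '21.12.3'."""
    m = re.search(r"(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)


def fix_target(text):
    """Return the fixed release for an affected version, or None if not affected."""
    ver = parse_version(text)
    for low_major, fix_major, fix_minor in FIXED:
        # Tuple comparison is numeric per component: (21, 9) < (21, 12).
        if (low_major, 0) <= ver < (fix_major, fix_minor):
            return f"{fix_major}.{fix_minor}"
    return None


def triage(inventory):
    """Map each affected host to the release it should be upgraded to."""
    targets = {host: fix_target(v) for host, v in inventory.items()}
    return {host: t for host, t in targets.items() if t}


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "wiki-a.example": "Tiki 21.9",
    "wiki-b.example": "21.12",
    "wiki-c.example": "23.1",
    "wiki-d.example": "27.2.1",
    "wiki-e.example": "28.2",
}

if __name__ == "__main__":
    for host, target in triage(INVENTORY).items():
        print(f"{host}: affected, upgrade to {target} or later")
```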

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published
