Server-Side Template Injection Vulnerability in LaRecipe by Saleem Hadad
CVE-2025-53833

10 CRITICAL

Key Information:

CVE Published: 14 July 2025

What is CVE-2025-53833?

LaRecipe, a documentation application that uses Markdown within the Laravel framework, is susceptible to Server-Side Template Injection (SSTI) in versions prior to 2.8.1. The vulnerability could allow attackers to execute arbitrary commands on the server and access sensitive environment variables, potentially leading to Remote Code Execution in improperly configured setups. Users of LaRecipe should upgrade to version 2.8.1 or later to mitigate these risks.

Affected Version(s)

larecipe < 2.8.1

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
