CVE-2025-63889

Currently unrated

Key Information:

Vendor: CVE Published:; 20 November 2025

What is CVE-2025-63889?

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value.

References

https://www.yuque.com/lcc316/df0kgm/xqkrw5rfz5vqxo9t

https://gist.github.com/Master-0-0/dd63209602f04267f1a27a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Oct 27, 2025

JSON