Arbitrary Content Modification in Kirby CMS by GetKirby
CVE-2025-65012

5.1 MEDIUM

Key Information:

Vendor: Getkirby

Status
Vendor
CVE Published: 18 November 2025

What is CVE-2025-65012?

A vulnerability in Kirby CMS allows authenticated users to set page titles and usernames to malicious strings. This can lead to the execution of arbitrary code if another authenticated user interacts with the 'Changes' dialog in the Panel. The issue affects all versions from 5.0.0 to 5.1.3, and users are encouraged to update to version 5.1.4 or later to mitigate the risk.

Affected Version(s)

kirby >= 5.0.0, < 5.1.4

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
