Client-Side Template Injection in Azuriom CMS by Azuriom
CVE-2025-65271

8.8HIGH

Key Information:

Vendor: Azuriom
Status: Azuriom CMS
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-65271?

The Azuriom CMS admin dashboard is susceptible to a client-side template injection vulnerability that allows low-privilege users to execute arbitrary template code within the context of an administrator's session. This serious flaw can be exploited through plugins or dashboard components that process untrusted user inputs. Attackers may leverage this vulnerability for privilege escalation, potentially compromising the security of the entire system. The issue has been addressed in version 1.2.7 of Azuriom CMS.

References

https://github.com/Azuriom/Azuriom

https://www.github.com/Azuriom/Azuriom

https://github.com/Azuriom/Azuriom/commit/0289175547319ad...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Nov 18, 2025

CVE-2025-65271 Data

JSON