Authorization Bypass in SPIP by SPIP Team
CVE-2025-71242

5.3MEDIUM

Key Information:

Vendor: Spip
Status: Spip
Vendor: CVE Published:; 19 February 2026

What is CVE-2025-71242?

The SPIP content management system prior to versions 4.3.6, 4.2.17, and 4.1.20 is susceptible to an authorization bypass vulnerability that may lead to unauthorized access to private content. This flaw allows authenticated users to view restricted articles and sections through AJAX-loaded fragments, as the application fails to adequately perform authorization checks. The existing SPIP security measures do not mitigate this issue, thereby exposing sensitive information to potential attackers.

Affected Version(s)

SPIP 4.1.0 < 4.1.20

SPIP 4.2.0 < 4.2.17

SPIP 4.3.0 < 4.3.6

References

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-S...

vendor-advisorypatch

https://git.spip.net/spip/spip

product

https://www.vulncheck.com/advisories/spip-authorization-b...

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

SPIP security team

CVE-2025-71242 Data

JSON

Spip

What is CVE-2025-71242?

Affected Version(s)

References

CVSS V4

Timeline

Credit