Authorization Bypass in SPIP by SPIP Team
CVE-2025-71242

5.3MEDIUM

Key Information:

Vendor

Spip

Status
Spip
Vendor
CVE Published:
19 February 2026

What is CVE-2025-71242?

The SPIP content management system prior to versions 4.3.6, 4.2.17, and 4.1.20 is susceptible to an authorization bypass vulnerability that may lead to unauthorized access to private content. This flaw allows authenticated users to view restricted articles and sections through AJAX-loaded fragments, as the application fails to adequately perform authorization checks. The existing SPIP security measures do not mitigate this issue, thereby exposing sensitive information to potential attackers.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SPIP 4.1.0 < 4.1.20

SPIP 4.2.0 < 4.2.17

SPIP 4.3.0 < 4.3.6

References

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-S...
vendor-advisorypatch
https://git.spip.net/spip/spip
product
https://www.vulncheck.com/advisories/spip-authorization-b...
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SPIP security team
JSON
.