CVE-2025-56588
Published: 01 October 2025
Description
Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts. (This sentence is the MITRE ATT&CK description of T1221, Template Injection, the technique this CVE is mapped to; the vulnerability-specific description is in the Security Summary below.)
Security Summary
CVE-2025-56588 is a remote code execution (RCE) vulnerability in Dolibarr ERP & CRM version 21.0.1. The flaw lies in the User module's configuration: the computed-field parameter of an extra attribute accepts an expression that the application later evaluates server-side, so whoever can set that parameter can inject arbitrary code (CWE-94, Code Injection). It received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): high severity because a successful exploit has high impact on confidentiality, integrity and availability.
The vector rates the attack as network-reachable (AV:N) and low complexity (AC:L), requiring no privileges (PR:N) but requiring user interaction (UI:R): a legitimate user must perform some action, for instance saving the field definition or opening a page that renders the malicious computed field. Note that in Dolibarr, extra-attribute definitions (including computed fields) are maintained from the module setup pages, which normally require administrative rights, so practitioners should verify the PR:N rating against their own deployment rather than assume an anonymous attacker can reach the parameter. Successful exploitation runs the injected code in the web server's PHP process, giving the attacker control of the application host; scope is unchanged (S:U) because the impact stays within the vulnerable application's own security authority.
Advisories and further details are available from the vendor at http://dolibarr.com and the research repository at https://github.com/PhDg1410/Research, published on 2025-10-01.
Details
- CWE(s): CWE-94 (Code Injection)
- Affected Products: Dolibarr ERP & CRM 21.0.1
MITRE ATT&CK Enterprise Techniques
- T1221 Template Injection
Why these techniques?
The vulnerability is code injection through the computed-field expression of the User module: the attacker-supplied expression is stored in the field definition and evaluated server-side whenever a page renders that field. That is the Template Injection pattern, malicious code planted in a template or field definition that the application later processes, which is why the CVE is mapped to T1221.
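As an added example (not from the advisory, the research repository, or Dolibarr's own code): a Python triage script a responder could run over a dump of computed-field definitions to find expressions that go beyond arithmetic on field values. The sample rows are constructed; the column name `fieldcomputed` and the `$object->array_options['options_<name>']` reference syntax are assumptions about how Dolibarr stores and references extra attributes, not taken from the page.

```python
"""Audit stored 'computed field' expressions for code-injection payloads.

Added example: an offline triage script, not Dolibarr code and not part of
the advisory. Column names and the field-reference syntax are assumptions.
"""
import re

# Constructed sample rows shaped like a dump of a computed-field definition
# table (assumed column name: fieldcomputed). Rows 1-2 are benign, 3-6 are
# payloads of the kind a CWE-94 finding in such a field would involve.
SAMPLE_ROWS = [
    {"id": 1, "label": "total_cost",
     "fieldcomputed": "$object->array_options['options_hours'] * $object->array_options['options_rate']"},
    {"id": 2, "label": "discount",
     "fieldcomputed": "($object->array_options['options_price'] - 10) / 2"},
    {"id": 3, "label": "healthcheck", "fieldcomputed": "system($_GET['cmd'])"},
    {"id": 4, "label": "report", "fieldcomputed": "call_user_func('sys' . 'tem', 'id')"},
    {"id": 5, "label": "uptime", "fieldcomputed": "`uptime`"},
    {"id": 6, "label": "dyn", "fieldcomputed": "$f = 'shell_exec'; $f('id')"},
]

# Denylist of PHP constructs that have no place in an arithmetic computed field.
DANGEROUS = [
    (re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open|pcntl_exec)\s*\(", re.I),
     "command execution"),
    (re.compile(r"\b(eval|assert|create_function|call_user_func(_array)?|preg_replace_callback)\s*\(", re.I),
     "dynamic code execution"),
    (re.compile(r"\b(file_put_contents|fwrite|fopen|unlink|copy|move_uploaded_file|include|require)(_once)?\b", re.I),
     "file system access"),
    (re.compile(r"\b(base64_decode|str_rot13|gzinflate|hex2bin)\s*\(", re.I),
     "decoding/obfuscation"),
    (re.compile(r"`[^`]*`"), "backtick shell operator"),
    (re.compile(r"\$\w+\s*\("), "variable function call"),
    (re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b"), "request-controlled input"),
]

# Allowlist: references to the object's own extra attributes (assumed syntax),
# numeric literals, arithmetic operators and parentheses. Nothing else.
FIELD_REF = r"\$object->array_options\['options_[a-z0-9_]+'\]"
SAFE_EXPR = re.compile(rf"^(?:\s*(?:{FIELD_REF}|\d+(?:\.\d+)?|[-+*/%()])\s*)+$")


def classify(expr):
    """Return (verdict, reasons): 'malicious' with the matched categories,
    'safe' if the expression is pure field arithmetic, otherwise 'review'."""
    reasons = [label for pattern, label in DANGEROUS if pattern.search(expr)]
    if reasons:
        return "malicious", reasons
    if SAFE_EXPR.match(expr.strip()):
        return "safe", []
    return "review", []


def audit(rows):
    """Classify every row; returns one finding dict per row, in input order."""
    findings = []
    for row in rows:
        verdict, reasons = classify(row["fieldcomputed"])
        findings.append({"id": row["id"], "label": row["label"],
                         "verdict": verdict, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ROWS):
        flags = ", ".join(f["reasons"]) if f["reasons"] else "-"
        print(f"{f['id']:>3}  {f['verdict']:<9}  {f['label']:<12}  {flags}")
```

The allowlist is deliberately narrow and the denylist is only a first pass: anything that is neither pure field arithmetic nor an obvious payload comes back as "review" for a human, because a regex denylist alone is bypassable (row 4 builds the function name by string concatenation and is caught only because `call_user_func` itself is listed, and row 6 is caught only by the variable-function rule). The durable fix is on the application side: computed fields should be evaluated by a restricted expression evaluator rather than handed to the language's `eval`, and the ability to define them should stay confined to administrators.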