CVE-2025-71243
Published: 19 February 2026
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-71243, published on 2026-02-19, is a critical Remote Code Execution (RCE) vulnerability (CWE-94) in the 'Saisies pour formulaire' (Saisies) plugin for SPIP content management system. It affects versions 5.4.0 through 5.11.0 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction, achieving arbitrary code execution on the affected server.
Advisories recommend immediate update to Saisies version 5.11.1 or later. The SPIP blog details the critical security update, the plugin page provides version information, and VulnCheck publishes an advisory on the RCE issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an unauthenticated RCE in a public-facing CMS plugin, directly enabling exploitation of a public-facing application for initial access and code execution.