CVE-2025-53833 PoC — LaRecipe is vulnerable to Server-Side Template Injection attacks

Source
Associated Vulnerability
Title: LaRecipe is vulnerable to Server-Side Template Injection attacks (CVE-2025-53833)
Description: LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.
Description
CVE-2025-53833
Readme
# **🚨 CVE-2025-53833 — Critical ⚠️ SSTI ➜ RCE in LaRecipe (Versions < 2.8.1)**




---

### 📌 Overview

* **Vulnerability ID**: CVE-2025-53833
* **Component Affected**: LaRecipe (a Laravel-based documentation generator)
* **Versions Affected**: All versions **prior to 2.8.1**
* **Vulnerability Type**: Server-Side Template Injection (SSTI)
* **Severity**: **Critical** (CVSS 10.0)

---

### ⚠️ Impact

This vulnerability allows unauthenticated attackers to:

* Inject malicious template expressions
* Execute arbitrary **remote code** on the server
* Read sensitive files like `.env` containing **database passwords, API keys, and secrets**
* Escalate privileges or even achieve **root access**

No prior authentication or user interaction is required.

---

### 🧠 Technical Insight

The flaw lies in how LaRecipe renders documentation templates. Malicious input is not properly sanitized before being passed into the templating engine, so whoever controls that input controls the rendering logic, and with it code execution.

Example:
An attacker could inject something like `{{ system('id') }}` into a template-rendering route and execute OS-level commands.

---

### ✅ Mitigation

To protect your system:

1. **Upgrade immediately** to **LaRecipe version 2.8.1 or later**
2. If you cannot upgrade:

   * **Restrict access** to documentation endpoints using HTTP authentication or IP whitelisting
   * **Disable LaRecipe** temporarily if it’s not critical
3. **Monitor** server logs for suspicious activity, especially access to documentation routes
4. **Review** `.env` and other sensitive files for unauthorized access or changes
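
For step 3, one way to sweep an access log for template-expression markers on documentation routes. This is an added example, not part of the original README or of LaRecipe. Assumptions: combined log format, a `/docs` route prefix (LaRecipe's route is configurable), and constructed sample lines with a placeholder expression that say nothing about which input is injectable.

```python
import re
from urllib.parse import unquote

DOCS_PREFIX = "/docs"   # assumption: LaRecipe's docs route prefix on this host
MARKER = "{{"           # template-expression opener from the example above

# Combined log format; the target is matched lazily so raw spaces survive.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, placeholder expression).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Jul/2025:10:00:01 +0000] "GET /docs/1.0/overview HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jul/2025:10:00:05 +0000] "GET /docs/1.0/overview?x=%7B%7B%20EXAMPLE%20%7D%7D HTTP/1.1" 200 5300',
    '203.0.113.9 - - [10/Jul/2025:10:00:09 +0000] "GET /docs/1.0/%257B%257BEXAMPLE%257D%257D HTTP/1.1" 404 310',
    '198.51.100.8 - - [10/Jul/2025:10:01:00 +0000] "GET /blog?q=%7B%7Bx%7D%7D HTTP/1.1" 200 900',
    'not an access log line',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded braces are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per docs-route request carrying a template marker."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE.match(line)
        if m is None:
            continue  # unparseable line: skip rather than guess
        target = fully_decode(m["target"])
        if target.startswith(DOCS_PREFIX) and MARKER in target:
            findings.append({"line": lineno, "ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]), "target": target})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['status']} {f['target']}")
```

Requests outside the assumed prefix are ignored by design, so set `DOCS_PREFIX` to the route your installation actually serves.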

---

### 🧩 Summary

| Category        | Info                             |
| --------------- | -------------------------------- |
| Type            | SSTI → RCE                       |
| Scope           | Unauthenticated users            |
| Exploitable via | Public documentation endpoints   |
| Patch           | Upgrade to 2.8.1+                |
| Urgency         | Critical – patch **immediately** |

---


### **🔒 Disclaimer:**

This information is provided for **educational and defensive purposes only**. Exploiting vulnerabilities without proper authorization is **illegal and unethical**. Always ensure you have **explicit permission** before conducting any form of security testing. The author is not responsible for any misuse of the content provided.

---

