CVE-2025-53833 PoC — LaRecipe 安全漏洞

Description

CVE-2025-53833

介绍

# **🚨 CVE-2025-53833 — Critical ⚠️ SSTI ➜ RCE in LaRecipe (Versions < 2.8.1)**


<img width="960" height="360" alt="0_Y6-sjR9flQFzhYmr" src="https://github.com/user-attachments/assets/d521237a-6623-422c-be76-de69f39d9e9f" />


---

### 📌 Overview

* **Vulnerability ID**: CVE-2025-53833
* **Component Affected**: LaRecipe (a Laravel-based documentation generator)
* **Versions Affected**: All versions **prior to 2.8.1**
* **Vulnerability Type**: Server-Side Template Injection (SSTI)
* **Severity**: **Critical** (CVSS 10.0)

---

### ⚠️ Impact

This vulnerability allows unauthenticated attackers to:

* Inject malicious template expressions
* Execute arbitrary **remote code** on the server
* Read sensitive files like `.env` containing **database passwords, API keys, and secrets**
* Escalate privileges or even achieve **root access**

No prior authentication or user interaction is required.

---

### 🧠 Technical Insight

The flaw lies in how LaRecipe renders documentation templates. Malicious input is not properly sanitized before being passed into the templating engine, leading to full control over the rendering logic—hence, code execution.

Example:
An attacker could inject something like `{{ system('id') }}` into a template-rendering route and execute OS-level commands.

---

### ✅ Mitigation

To protect your system:

1. **Upgrade immediately** to **LaRecipe version 2.8.1 or later**
2. If you cannot upgrade:

   * **Restrict access** to documentation endpoints using HTTP authentication or IP whitelisting
   * **Disable LaRecipe** temporarily if it’s not critical
3. **Monitor** server logs for suspicious activity, especially access to documentation routes
4. **Review** `.env` and other sensitive files for unauthorized access or changes

---

### 🧩 Summary

| Category        | Info                             |
| --------------- | -------------------------------- |
| Type            | SSTI → RCE                       |
| Scope           | Unauthenticated users            |
| Exploitable via | Public documentation endpoints   |
| Patch           | Upgrade to 2.8.1+                |
| Urgency         | Critical – patch **immediately** |

---


### **🔒 Disclaimer:**

This information is provided for **educational and defensive purposes only**. Exploiting vulnerabilities without proper authorization is **illegal and unethical**. Always ensure you have **explicit permission** before conducting any form of security testing. The author is not responsible for any misuse of the content provided.

---

文件快照

备注