CVE-2025-64050
REDAXO · REDAXO CMS 5
A high-severity Remote Code Execution (RCE) vulnerability has been identified in the REDAXO CMS 5 content management system.
Executive summary
A high-severity Remote Code Execution (RCE) vulnerability has been identified in the REDAXO CMS 5 content management system. This flaw allows an attacker to execute arbitrary code on the server, potentially leading to a complete system compromise, data theft, and service disruption. Organizations using the affected software are urged to apply security patches immediately to mitigate the risk.
Vulnerability
This vulnerability exists within the template management component of REDAXO CMS 5. An authenticated attacker with permissions to edit or create templates can inject malicious server-side code (e.g., PHP) into a template file. When the CMS renders or saves this compromised template, the embedded code is executed on the server with the privileges of the web server's user account, leading to remote code execution.
Business impact
This is a High severity vulnerability with a CVSS score of 7.2. Successful exploitation could allow an attacker to gain complete control of the web server hosting the REDAXO CMS instance. The potential business impact includes the theft of sensitive data such as customer information or intellectual property, website defacement, distribution of malware to site visitors, and using the compromised server as a pivot point to attack other systems within the internal network. Such an incident could result in significant financial loss, regulatory penalties, and severe reputational damage.
Remediation
Immediate Action: Apply the security patches released by the vendor immediately, prioritizing all internet-facing systems. Before deployment, test the patches in a non-production environment to ensure compatibility. After patching, review access logs and system files for any signs of pre-patch compromise.
Proactive Monitoring: Monitor web server and application logs for suspicious activity targeting the template management functions, such as unusual POST requests or unexpected code snippets. Implement file integrity monitoring (FIM) to detect unauthorized changes to template files. Monitor for unusual outbound network connections from the web server, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement the following controls:
- Restrict access to the REDAXO administrative interface to trusted IP addresses only.
- Deploy a Web Application Firewall (WAF) with rules designed to block code injection attempts.
- Enforce strict role-based access control (RBAC) and review all user accounts, ensuring that only highly trusted administrators have permissions to modify templates.
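As an added defender-side example (not REDAXO project code), the following Python script implements two of the controls above: a file-integrity baseline over the template directory, and triage of web server access-log lines for POST requests to the template editor coming from clients outside the trusted administrative IP set. The `page=templates` URL fragment and the sample log lines are assumptions constructed for this example; adjust them to your installation.

```python
"""FIM baseline and access-log triage for a CMS template directory.
Added example, not REDAXO project code. Assumptions: templates live as files in a
directory you point this at, and the backend template editor is reached through a
URL containing 'page=templates' (adjust both to your installation)."""
import hashlib
import re
from pathlib import Path

# Template-editor URL fragment: an assumption, not taken from the advisory.
TEMPLATE_POST_RE = re.compile(r"^POST \S*page=templates")
# Common Log Format: client ident user [time] "request" status size
CLF_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

# Constructed sample access-log lines; the backend path is illustrative only.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2025:13:55:36 +0000] "GET /redaxo/index.php?page=templates HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2025:13:56:01 +0000] "POST /redaxo/index.php?page=templates&function=edit HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Oct/2025:14:02:10 +0000] "POST /redaxo/index.php?page=content HTTP/1.1" 302 0',
    '198.51.100.9 - - [11/Oct/2025:02:14:22 +0000] "POST /redaxo/index.php?page=templates&function=edit HTTP/1.1" 302 0',
]

def build_baseline(template_dir: Path) -> dict[str, str]:
    """SHA-256 of every regular file under template_dir, keyed by relative path."""
    return {str(p.relative_to(template_dir)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(template_dir.rglob("*")) if p.is_file()}

def diff_baseline(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Compare two baselines; every entry returned is a template change to review."""
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p])}

def template_posts(log_lines, trusted_clients=()) -> list[dict]:
    """Pick out POSTs to the template editor from CLF access-log lines; 'flag' is set
    when the client is outside the admin-interface IP allow list described above."""
    hits = []
    for line in log_lines:
        m = CLF_RE.match(line)
        if not m or not TEMPLATE_POST_RE.match(m.group(4)):
            continue
        client, user, when, request, status = m.groups()
        hits.append({"client": client, "user": user, "time": when, "status": int(status),
                     "request": request, "flag": client not in trusted_clients})
    return hits

if __name__ == "__main__":
    for hit in template_posts(SAMPLE_LOG, trusted_clients={"203.0.113.7"}):
        print(("ALERT " if hit["flag"] else "ok    ") + hit["client"] + "  " + hit["request"])
```

Run `build_baseline` once after a reviewed deployment, store the result, and schedule `diff_baseline` against a fresh baseline; any non-empty result outside a change window is a template modification to investigate.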
Exploitation status
Public exploit available: No
Analyst recommendation
Given the high severity of this remote code execution vulnerability, we strongly recommend that all organizations using REDAXO CMS 5 perform immediate patching of affected systems. Although this vulnerability is not currently listed on the CISA KEV catalog, its potential for complete system compromise warrants urgent attention. Systems that cannot be patched immediately should have compensating controls applied while a permanent remediation plan is enacted.