CVE-2025-53833
published 2025-07-14

Priority: P1 (89)
Severity: critical, CVSS 3.1 base score 10
Vector: AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:H / A:H
Exploitation: exploited in the wild (VulnCheck KEV)
EPSS: 9.36% (94.8th percentile)
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.

Affected (2 ranges)

Vendor         Product    Version range     Fixed in
binarytorch    larecipe   >= 0, < 2.8.1     2.8.1
saleem-hadad   larecipe   < 2.8.1           2.8.1

Detection & IOCs (extracted from sources)

url:   GET /docs/1.0/?{{phpinfo()}} HTTP/1.1
path:  /docs/1.0/
other: body="/binarytorch/larecipe/"

  • An HTTP GET request to /docs/1.0/ with a Blade/Twig-style template injection payload in the query string (e.g., ?{{phpinfo()}}) is the exploit vector for this SSTI RCE.
  • Successful exploitation returns HTTP 200 with all three strings present in the response body: 'PHP Extension', 'PHP Version', and 'larecipe'.
  • FOFA fingerprint for exposed LaRecipe instances: search for a body containing '/binarytorch/larecipe/'.
  • The vulnerability is unauthenticated (PR:N, UI:N) and network-reachable (AV:N); any request to the docs endpoint with template syntax in its query parameters should be flagged.
  • RCE impact is conditional on server configuration; not all LaRecipe deployments may be exploitable to the same degree.
  • The Nuclei template uses skip-variables-check: true to prevent the engine from interpreting the SSTI payload as its own template variables; detection tooling must handle this payload carefully.

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      10.0    CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vulncheck             10.0    CRITICAL