CVE-2025-53833
Published: 2025-07-14
Priority: P189
Severity: critical, CVSS 3.1 base score 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploited in the wild (ITW exploit; listed in VulnCheck KEV)
EPSS: 9.36% (94.8th percentile)
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could execute arbitrary commands on the server, access sensitive environment variables, and/or escalate access depending on server configuration. Users are strongly advised to upgrade to version v2.8.1 or later to receive a patch.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| binarytorch | larecipe | >= 0 < 2.8.1 | 2.8.1 |
| saleem-hadad | larecipe | < 2.8.1 | 2.8.1 |
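A quick way to tell whether a Laravel application pulls in an affected release is to read its composer.lock and compare the pinned version against the fixed one from the table. The script below is an added example written for this page, not code from LaRecipe or from the advisory: the package names come from the table above, the composer.lock excerpt is constructed, and the version parser is a deliberately small semver comparison in which pre-release tags sort before the final release and branch aliases such as dev-master are reported as undecidable rather than guessed.

```python
import json

# Package names as listed in the affected table above.
AFFECTED_PACKAGES = {"binarytorch/larecipe", "saleem-hadad/larecipe"}
# First fixed release as (major, minor, patch, final); final=1 marks a
# non-pre-release build so that 2.8.1-beta sorts before 2.8.1.
FIXED_VERSION = (2, 8, 1, 1)


def parse_version(version):
    """Map a composer.lock version string to a comparable tuple.

    'v2.7.1' -> (2, 7, 1, 1), '2.8.1-beta.1' -> (2, 8, 1, 0), '2.8' -> (2, 8, 0, 1).
    Branch aliases ('dev-master', '2.x-dev') return None: the installed code
    cannot be placed on the release line without looking at the commit.
    """
    v = version.strip()
    if v.startswith("dev-") or v.endswith("-dev"):
        return None
    v = v.lstrip("vV")
    core, _, suffix = v.partition("-")   # suffix is the pre-release tag, if any
    core = core.split("+", 1)[0]         # drop build metadata
    nums = []
    for part in core.split("."):
        if not part.isdigit():
            return None
        nums.append(int(part))
    nums = (nums + [0, 0, 0])[:3]
    return tuple(nums) + ((0 if suffix else 1),)


def is_vulnerable(version):
    """True if older than 2.8.1, False if fixed, None if undecidable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < FIXED_VERSION


def audit_composer_lock(lock_text):
    """Return (name, version, vulnerable) for every affected package in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name = pkg.get("name", "").lower()
            if name in AFFECTED_PACKAGES:
                version = pkg.get("version", "")
                findings.append((name, version, is_vulnerable(version)))
    return findings


# Constructed composer.lock excerpt for this example (not from any real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v10.48.0"},
        {"name": "binarytorch/larecipe", "version": "v2.7.1"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, version, vulnerable in audit_composer_lock(SAMPLE_LOCK):
        state = {True: "VULNERABLE", False: "fixed", None: "undecidable"}[vulnerable]
        print(f"{name} {version}: {state}")
```

The lock file, not composer.json, is what tells you what is actually deployed; a constraint like ^2.7 in composer.json says nothing about whether the fixed release was ever installed. An undecidable result (a dev branch alias) means the commit hash has to be compared against the fix by hand.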
Detection & IOCs (extracted from sources)
- url: GET /docs/1.0/?{{phpinfo()}} HTTP/1.1
- path: /docs/1.0/
- other: body="/binarytorch/larecipe/"
- An HTTP GET to /docs/1.0/ with a Blade-style template expression in the query string (e.g. ?{{phpinfo()}}) is the exploit vector for this SSTI.
- Successful exploitation returns HTTP 200 with all three strings present in the response body: 'PHP Extension', 'PHP Version' and 'larecipe'.
- FOFA fingerprint for exposed LaRecipe instances: body containing '/binarytorch/larecipe/'.
- The vulnerability is unauthenticated (PR:N, UI:N) and network-reachable (AV:N); any request to the docs endpoint that carries template syntax in its query string should be flagged.
- RCE impact is conditional on server configuration; not every LaRecipe deployment is exploitable to the same degree.
- The Nuclei template sets skip-variables-check: true so that the engine does not interpret the {{...}} SSTI payload as one of its own template variables; any detection tooling that templates its own requests needs the same care.
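The bullets above amount to a detection rule with two halves: a request to the docs route carrying template syntax, and a response that proves the expression was evaluated. The script below is an added example for this page, not the Nuclei template or any vendor code. It parses combined-format access log lines (constructed here), percent-decodes the request target so that a %7B%7B-encoded payload is not missed, flags docs-route requests containing Blade-style markers, and mirrors the published response matcher (HTTP 200 plus the three body strings). The markers beyond {{ are my own choice of what else to flag, not something the sources list.

```python
import re
from urllib.parse import unquote, urlsplit

# Route prefix LaRecipe serves docs from (the PoC hits /docs/1.0/).
DOCS_PATH_RE = re.compile(r"^/docs(/|$)")
# Template syntax worth flagging in a request to that route.  The public
# payload uses {{ }}; the other markers are an assumption about what a
# Blade-backed route might also evaluate and are included to widen the net.
TEMPLATE_MARKERS = ("{{", "{!!", "@php", "{%", "${")
# Response matcher from the published detection logic: 200 + all three strings.
EXPLOIT_MARKERS = ("PHP Extension", "PHP Version", "larecipe")
# Apache/nginx "combined" format; trailing referer/user-agent fields are ignored.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def decode_target(target, rounds=3):
    """Percent-decode repeatedly (bounded) so single- and double-encoded payloads compare equal."""
    cur = target
    for _ in range(rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def parse_combined(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded"] = decode_target(rec["target"])
    return rec


def is_ssti_probe(rec):
    """True for a request to the docs route whose decoded target carries template syntax."""
    if not DOCS_PATH_RE.match(urlsplit(rec["decoded"]).path):
        return False
    return any(marker in rec["decoded"] for marker in TEMPLATE_MARKERS)


def exploit_succeeded(status, body):
    """Mirror of the published matcher: HTTP 200 and all three strings in the body."""
    return status == 200 and all(s in body for s in EXPLOIT_MARKERS)


def flag_probes(lines):
    """Return (ip, decoded target, status) for every line that looks like an SSTI probe."""
    hits = []
    for line in lines:
        rec = parse_combined(line)
        if rec and is_ssti_probe(rec):
            hits.append((rec["ip"], rec["decoded"], rec["status"]))
    return hits


# Constructed access-log lines for this example (not real traffic): a plain
# probe, the same probe percent-encoded, a benign docs hit, and {{ }} on an
# unrelated route that the rule must not flag.
SAMPLE_LOG = """\
203.0.113.10 - - [14/Jul/2025:10:01:22 +0000] "GET /docs/1.0/?{{phpinfo()}} HTTP/1.1" 200 48211 "-" "curl/8.5.0"
203.0.113.10 - - [14/Jul/2025:10:01:25 +0000] "GET /docs/1.0/?%7B%7Bphpinfo()%7D%7D HTTP/1.1" 200 48211 "-" "curl/8.5.0"
198.51.100.7 - - [14/Jul/2025:10:02:01 +0000] "GET /docs/1.0/overview HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Jul/2025:10:02:03 +0000] "GET /search?q={{hello}} HTTP/1.1" 200 310 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, target, status in flag_probes(SAMPLE_LOG.splitlines()):
        print(f"SSTI probe from {ip}: {target} -> {status}")
```

Two caveats when using this against real logs. The request-side check only works if the web server logs the raw query string; a reverse proxy that normalises or strips it will hide the payload. And the response-side strings are phpinfo() headings because Blade's {{ }} echo escapes the value an expression returns but still evaluates the expression, so a side-effecting call writes its output straight into the page; a probe that calls something quieter than phpinfo() will not leave those strings behind, which is why the request-side rule matters.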
CVSS provenance
- NVD: v3.1, 10.0 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- VulnCheck: 10.0 CRITICAL
GHSA
ghsa · 2025-07-14 · CVE-2025-53833 [CRITICAL] CWE-1336
LaRecipe is vulnerable to Server-Side Template Injection attacks
### Impact
Attackers could:
1. Execute arbitrary commands on the server
2. Access sensitive environment variables
3. Escalate access depending on server configuration
A critical vulnerability was discovered in LaRecipe that allows an attacker to perform Server-Side Template Injection (SSTI), potentially leading to Remote Code Execution (RCE) in vulnerable configurations.
### Patches
Users are strongly advised to upgrade to version v2.8.1 or later.
### Credit
We would like to thank **Roman Ananev** for responsibly identifying and reporting this vulnerability.
OSV
osv · 2025-07-14 · CVE-2025-53833 [CRITICAL]
LaRecipe is vulnerable to Server-Side Template Injection attacks (the OSV record carries the same Impact, Patches and Credit text as the GHSA advisory above)
VulnCheck
vulncheck · 2025 · CVSS 10.0 · CVE-2025-53833 [CRITICAL]
Improper Neutralization of Special Elements Used in a Template Engine
Description: as in the summary at the top of this page.
Affected: LaRecipe / LaRecipe
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: none listed
No detection rules found.
Nuclei
nuclei · CVSS 10.0 · CVE-2025-53833 [CRITICAL]
LaRecipe < 2.8.1 Remote Code Execution via SSTI
Template (truncated on the page after the impact field):

```yaml
id: CVE-2025-53833

info:
  name: LaRecipe < 2.8.1 Remote Code Execution via SSTI
  author: iamnoooob,pdresearch
  severity: critical
  description: |
    LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations.
  impact: |
    Attackers could execute arbitrary
```