CVE-2025-63889

CVE-2025-63889

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value.

Published Nov 21, 2025

https://gist.github.com/Master-0-0/dd63209602f04267f1a27a75a064df26

CVSS ScoreHigh

7.5

Vulnerabilities

CVE-2025-63889

The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value.

Published Nov 21, 2025

https://gist.github.com/Master-0-0/dd63209602f04267f1a27a75a064df26

CVSS ScoreHigh

7.5

CVE-2025-63889 Security Details

CVE ID: CVE-2025-63889
CWE: CWE-125
CVE Description: The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value.
Published: Nov 21, 2025
CVSS Score & Severity: 7.5High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.059%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://gist.github.com/Master-0-0/dd63209602f04267f1a27a75a064df26THIRD_PARTY

CVE-2025-63889 Security Details

CVE ID: CVE-2025-63889
CWE: CWE-125
CVE Description: The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value.
Published: Nov 21, 2025
CVSS Score & Severity: 7.5High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.059%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://gist.github.com/Master-0-0/dd63209602f04267f1a27a75a064df26THIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2025-63889

CVE-2025-63889 Security Details

CVE-2025-63889 Security Details