CVE-2025-71250

CVSS

No CVSS.

ejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

References

No reference.

Configurations

No configuration.

History

19 Feb 2026, 19:22

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : unknown
CWE	~~CWE-502~~
References	~~{'url': 'https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-9.html', 'source': '[email protected]'}~~ ~~{'url': 'https://git.spip.net/spip/spip', 'source': '[email protected]'}~~ ~~{'url': 'https://www.vulncheck.com/advisories/spip-insecure-deserialization', 'source': '[email protected]'}~~
Summary	(en) SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or another vulnerability) can trigger arbitrary object instantiation and potentially achieve code execution. The use of serialized data in these components has been deprecated and will be removed in SPIP 5. This vulnerability is not mitigated by the SPIP security screen.	(en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

19 Feb 2026, 16:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 16:27

Updated : 2026-02-19 19:22

NVD link : CVE-2025-71250

Mitre link : CVE-2025-71250

CVE.ORG link : CVE-2025-71250

JSON object : View

Products Affected

No product.

CWE

No CWE.