CVE-2025-71243 CRITICAL

CVE-2025-71243: SPIP Saisies Plugin < 5.11.1 Remote Code Execution

Vendor Spip
Product Saisies pour formulaire
Weakness CWE-94 · Code injection
Published February 19, 2026
Last update March 5, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.

Key dates

02Disclosure timeline

February 19, 2026 CVE published
March 5, 2026 Record updated

Related vulnerabilities

04Related CVE