CVE-2025-67891 | pkp pkp-lib up to 3.4.0-10/3.5.0-3 compileLess baseUrl code injection
A vulnerability classified as critical has been found in pkp pkp-lib up to 3.4.0-10/3.5.0-3. It affects the function PKPTemplateManager::compileLess. Manipulating the argument baseUrl leads to code injection.
This vulnerability is tracked as CVE-2025-67891. The attack can be initiated remotely. No exploit is available.
The affected component should be upgraded.