Share
## https://sploitus.com/exploit?id=1F0AE8CA-B7BF-5EE8-B8A2-73BD62388610
# CVE-2025-47916 - Invision Community Remote Code Execution (RCE) Vulnerability

## About

This repository provides a proof‑of‑concept description for
**CVE‑2025‑47916**, a Remote Code Execution vulnerability affecting
Invision Community versions **5.0.0 through 5.0.6**. The issue stems
from improper handling of user-supplied input within the `customCss()`
method, allowing unauthenticated attackers to execute crafted template
expressions.

## Affected Versions

-   All versions from **5.0.0** to **5.0.6**

## Description

The vulnerability resides in the
`IPS\core\modules\front\system\themeeditor::customCss()` method inside:

    /applications/core/modules/front/system/themeeditor.php

The method can be called without authentication and passes the `content`
request parameter to `Theme::makeProcessFunction()`. Since the value is
processed through the template engine, specially crafted input may lead
to **arbitrary PHP code execution**. This enables remote,
unauthenticated attackers to achieve full code execution within the
Invision Community environment.

## CLI Usage

    usage: main.py [options] target

    positional arguments:
      target                Target URL

    optional arguments:
      -p, --proxy PROXY     Proxy server to route requests
      -c, --command CMD     Single command to process (for testing output handling)
      -t, --test            Perform a non-intrusive vulnerability check

## Solution

Update to **Invision Community 5.0.7** or later, where the issue has
been resolved.

## Credits

Vulnerability discovered by **Egidio Romano**.

## References

-   https://invisioncommunity.com/release-notes-v5/507-r41/
-   CVE entry
    https://vulners.com/cve/CVE-2025-47916
-   Karma In Security Advisory:
    https://karmainsecurity.com/KIS-2025-02