What is CVE-2025-27794?

CVE-2025-27794 is a medium-severity vulnerability in Flarum Framework, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.8/10. Published 2025-03-12.

How severe is CVE-2025-27794?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Is CVE-2025-27794 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Flarum Framework

CVE-2025-27794

Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the pa…

EPSS: 0.004 (59.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

Flarum Framework — versions < 1.8.10

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/flarum/framework/security/advisories/GHSA-hg9j-64wp-m9px (x_refsource_CONFIRM)
https://github.com/flarum/framework/commit/a05aaea3ee1e0a8b870935183193cd6052f1d402 (x_refsource_MISC)
https://github.com/flarum/framework/releases/tag/v1.8.10 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-27794?: CVE-2025-27794 is a medium-severity vulnerability in Flarum Framework, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.8/10. Published 2025-03-12.
How severe is CVE-2025-27794?: Medium severity. CVSS v3 base score is 6.8 out of 10.
Is CVE-2025-27794 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.