What is CVE-2025-34113?

CVE-2025-34113 is a vulnerability in Tiki Software Community Association Wiki Cms Groupware, classified under Missing Authentication for Critical Function. Published 2025-07-15.

Is CVE-2025-34113 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Tiki Software Community Association Wiki Cms Groupware

CVE-2025-34113

An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user…

Vulnerability class: Broken Authentication

EPSS: 0.644 (98.5th percentile) — read the EPSS interpretation.

Affected products

Tiki Software Community Association Wiki Cms Groupware — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

rapid7/metasploit-framework

References

tiki.org/article414-Important-Security-Fix-for-all-versions-of-Tiki (vendor-advisory, patch)
www.exploit-db.com/exploits/39965 (exploit)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.acunetix.com/vulnerabilities/web/tiki-wiki-cms-remote-code-execution-via-ca… (third-party-advisory)
www.vulncheck.com/advisories/tiki-wiki-cms-authenticated-command-injection-in-c… (third-party-advisory)

Frequently asked questions

What is CVE-2025-34113?: CVE-2025-34113 is a vulnerability in Tiki Software Community Association Wiki Cms Groupware, classified under Missing Authentication for Critical Function. Published 2025-07-15.
Is CVE-2025-34113 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.