CVE-2025-24374

Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Twig es un lenguaje de plantillas para PHP. Al utilizar el operador ??, no se podía escapar la salida de la expresión del lado izquierdo del operador. Esta vulnerabilidad se ha corregido en la versión 3.19.0.

29 Jan 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-29 16:15

Updated : 2026-06-17 08:58


NVD link : CVE-2025-24374

Mitre link : CVE-2025-24374

CVE.ORG link : CVE-2025-24374


JSON object : View

Products Affected

No product.

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')