Azuriom CMS Template Injection

HIGH (8.8)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.05% chance of exploitation (percentile: 16%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC

What is it?

Azuriom is an enterprise content management system used by some organizations for managing digital assets. This vulnerability allows attackers to inject arbitrary code into the CMS's template engine, potentially leading to privilege escalation and unauthorized access to sensitive data.

Am I affected?

You're affected if you use Client-side template. Specific version information is not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

Upgrade to Azuriom 1.2.8 or later: https://github.com/Azuriom/Azuriom/releases/tag/1.2.8

Immediate mitigations:
- Restrict network access to your Azuriom instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized template modifications