[CRITICAL] The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability

PKSA-tpdv-c7w9-v16r CVE-2025-52122 GHSA-9hp3-f5g8-rccg

Affected package: solspace/craft-freeform

Affected version: >=5.0.0,<5.10.16

Reported by:
GitHub