exploitDog

CVE-2025-65900

Published: 04 Dec 2025
Source: nvd
CVSS3: 6.5
EPSS: Low

Description

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

Vulnerable configurations

Configuration 1
cpe:2.3:a:difuse:kalmia:0.2.0:*:*:*:*:node.js:*:*

EPSS

Percentile: 8%
0.0003
Low

6.5 Medium

CVSS3

Weaknesses

CWE-863

Related vulnerabilities

CVSS3: 6.5
github
2 months ago

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.
