PT-2025-34707 · Unknown · Scratch Channel

Polylogue2

Published

2025-08-25

Updated

2025-08-26

CVE-2025-57805

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions 1 and 1.1

Description: The Scratch Channel, a news website, is susceptible to unauthorized article posting. A POST request to the article publishing endpoint allows posting articles in any category with any date, irrespective of user login status.

Recommendations: Update to version 1.2 to resolve the issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2025-57805

GHSA-H5RJ-2466-QR23

Affected Products

Scratch Channel

PT-2025-34707 · Unknown · Scratch Channel

CVE-2025-57805

Weakness Enumeration

Related Identifiers

Affected Products

References · 8