CVE-2025-11529

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 5.18.0

Description A security flaw exists in ChurchCRM impacting the AuthMiddleware function within the src/ChurchCRM/Slim/Middleware/AuthMiddleware.php file of the API Endpoint component. This allows for missing authentication and can be exploited remotely. The exploit has been publicly released.

Recommendations Apply the patch identified as 3a1cffd2aea63d884025949cfbcfd274d06216a4.

Exploit

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

CVE-2025-11529

Affected Products

Churchcrm

CVE-2025-11529

Weakness Enumeration

Related Identifiers

Affected Products

References · 13