PT-2025-48184 · Hastech · Hashtech

Published: 2025-11-26 · Updated: 2025-12-30 · CVE-2025-65276

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HashTech versions 1.0 through commit 5919decaff2681dc250e934814fc3a35f6093ee5

Description

A missing authentication check on the /admin index.php endpoint allows an attacker to access the administrative dashboard without valid credentials. This grants full administrative control, including the ability to view and modify user accounts, manage orders, change payments, and edit product listings. Successful exploitation can lead to information disclosure, data manipulation, and privilege escalation.

Recommendations

Update HashTech to a version beyond commit 5919decaff2681dc250e934814fc3a35f6093ee5.

Exploit

Fix

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-65276

Affected Products

Hashtech