CVE-2025-63523

Name of the Vulnerable Software and Affected Versions FeehiCMS version 2.1.1

Description FeehiCMS version 2.1.1 does not properly enforce server-side immutability for parameters displayed as "read-only" to clients. An authenticated attacker can intercept and modify these parameters during transmission, and the backend system will accept the changes. This can result in unintended modifications, such as changes to a user's username. The vulnerable parameters are subject to manipulation in transit.

Recommendations Update FeehiCMS to a version where this issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.