PT-2025-48952 · Masacms · Masacms
Published: 2025-12-03 · Updated: 2025-12-05 · CVE-2024-32643
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Masa CMS versions prior to 7.2.8
Masa CMS versions prior to 7.3.13
Masa CMS versions prior to 7.4.6
Description
Masa CMS is an open source Enterprise Content Management platform. If the URL to a page is modified to include a /tag/ declaration, the CMS renders the page regardless of group restrictions. This allows access to content that should be restricted based on user group membership.
Recommendations
Update Masa CMS to version 7.2.8 or later.
Update Masa CMS to version 7.3.13 or later.
Update Masa CMS to version 7.4.6 or later.
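For reviewing web server access logs from the period before the update was applied, the following added example (not part of the original advisory or of Masa CMS) lists successful responses for group-restricted paths whose URL contains a /tag/ segment. The restricted path prefixes, the Combined Log Format layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: path prefixes that the site operator has restricted to specific groups.
RESTRICTED_PREFIXES = ("/members/", "/intranet/")

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Dec/2025:10:01:02 +0000] "GET /members/reports/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [04/Dec/2025:10:01:09 +0000] "GET /members/reports/tag/x/ HTTP/1.1" 200 18233 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [04/Dec/2025:10:02:00 +0000] "GET /blog/tag/news/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [04/Dec/2025:10:03:00 +0000] "GET /Members/Reports/TAG/x/?p=1 HTTP/1.1" 200 18233 "-" "Mozilla/5.0"',
]


def suspicious_requests(lines, restricted=RESTRICTED_PREFIXES):
    """Return (client, timestamp, path) for 2xx responses on restricted paths with a /tag/ segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, when, _method, target, status = m.groups()
        path = urlsplit(target).path
        # Compare on a decoded, lower-cased copy so encoding or case changes do not hide a match.
        norm = unquote(path).lower()
        if status.startswith("2") and norm.startswith(tuple(restricted)) and "/tag/" in norm:
            hits.append((client, when, path))
    return hits


if __name__ == "__main__":
    for client, when, path in suspicious_requests(SAMPLE_LOG):
        print(f"{when}  {client}  {path}")
```

An access log does not record group membership, so each hit is a lead to check against the session or account that made the request, not proof of unauthorized access.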
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Masacms