CVE-2025-65899

Name of the Vulnerable Software and Affected Versions Kalmia CMS version 0.2.0

Description The application exhibits a user enumeration issue in its authentication process. Different error messages are returned depending on whether a user exists or not, or if the password is incorrect. Specifically, the application returns distinct responses for invalid users (user not found) versus valid users with incorrect credentials (invalid password). This allows attackers to identify valid usernames without authentication.

Recommendations Update to a newer version that contains a fix for this vulnerability.