PT-2025-49145 · Unknown · Kalmia Cms

Published: 2025-12-04 · Updated: 2025-12-05 · CVE-2025-65900

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Kalmia CMS version 0.2.0

Description: Kalmia CMS version 0.2.0 has an issue with access control in the /kal-api/auth/users API endpoint. Insufficient permission validation and excessive data exposure in the backend allow an authenticated user with basic read permissions to retrieve sensitive information for all platform users. The vulnerable parameter is not specified.

Recommendations: Apply a fix to address insufficient permission validation and excessive data exposure in the backend of the /kal-api/auth/users API endpoint.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-65900

Affected Products: Kalmia Cms