PT-2025-51870 · Churchcrm · Churchcrm

Vesp3Rtine · Published 2025-12-17 · Updated 2025-12-21 · CVE-2025-66397

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.5.3
Description: ChurchCRM, an open-source church management system, has an improper access control issue in the Kiosk Manager feature. The allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions are reachable by any authenticated user, regardless of role, so any logged-in user can allow and accept kiosk registrations and reload or identify kiosks.
Recommendations: Update to version 6.5.3 or later.
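The pattern the description names, as an added example that is not ChurchCRM's own code: a toy kiosk manager exposing the four actions from the advisory, wired first through a guard that checks only that the caller is logged in (the behaviour described for versions before 6.5.3) and then through a guard that also requires an administrative role. The role name "Admin", the request shape, the handler bodies and the constructed inputs are assumptions for illustration; the project's real routing and permission APIs are not used.

```python
"""Authentication-only vs. role-checked guards around kiosk actions (illustrative, not ChurchCRM code)."""
from __future__ import annotations

from dataclasses import dataclass, field
from functools import wraps
from typing import Callable, Optional


class Unauthenticated(Exception):
    """Caller has no session at all."""


class Forbidden(Exception):
    """Caller is logged in but lacks the role the action needs."""


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()


@dataclass
class Request:
    user: Optional[User]
    params: dict = field(default_factory=dict)


def require_login(action: str, fn: Callable) -> Callable:
    """Guard as described for versions before 6.5.3: any session is enough."""
    @wraps(fn)
    def inner(req: Request):
        if req.user is None:
            raise Unauthenticated(action)
        return fn(req)
    return inner


def require_role(role: str):
    """Guard that also checks authorization: the session must carry `role`."""
    def guard(action: str, fn: Callable) -> Callable:
        @wraps(fn)
        def inner(req: Request):
            if req.user is None:
                raise Unauthenticated(action)
            if role not in req.user.roles:
                raise Forbidden(f"{action} requires role {role!r}")
            return fn(req)
        return inner
    return guard


class KioskManager:
    """Toy state touched by the four Kiosk Manager actions the advisory names."""

    def __init__(self) -> None:
        self.registration_open = False
        self.kiosks = {}  # kiosk_id -> {"accepted": bool, "reloads": int, "identify": bool}

    def _kiosk(self, kiosk_id: str) -> dict:
        return self.kiosks.setdefault(kiosk_id, {"accepted": False, "reloads": 0, "identify": False})

    def allow_registration(self, enabled: bool) -> bool:
        self.registration_open = enabled
        return self.registration_open

    def accept_kiosk(self, kiosk_id: str) -> bool:
        self._kiosk(kiosk_id)["accepted"] = True
        return True

    def reload_kiosk(self, kiosk_id: str) -> int:
        k = self._kiosk(kiosk_id)
        k["reloads"] += 1
        return k["reloads"]

    def identify_kiosk(self, kiosk_id: str) -> bool:
        self._kiosk(kiosk_id)["identify"] = True
        return True


def build_routes(manager: KioskManager, guard) -> dict:
    """Wrap each action in `guard`; the names match the functions in the advisory."""
    handlers = {
        "allowRegistration": lambda req: manager.allow_registration(bool(req.params["enabled"])),
        "acceptKiosk": lambda req: manager.accept_kiosk(req.params["kiosk_id"]),
        "reloadKiosk": lambda req: manager.reload_kiosk(req.params["kiosk_id"]),
        "identifyKiosk": lambda req: manager.identify_kiosk(req.params["kiosk_id"]),
    }
    return {name: guard(name, fn) for name, fn in handlers.items()}


VULNERABLE_GUARD = require_login       # authentication only: the flaw the advisory describes
FIXED_GUARD = require_role("Admin")     # authentication plus authorization; "Admin" is an assumed role name


def exercise(guard, user: Optional[User]) -> dict:
    """Call all four actions as `user` and return the outcome per action."""
    routes = build_routes(KioskManager(), guard)
    params = {"enabled": True, "kiosk_id": "kiosk-1"}  # constructed sample input
    outcomes = {}
    for name, handler in routes.items():
        try:
            handler(Request(user, params))
            outcomes[name] = "ok"
        except Forbidden:
            outcomes[name] = "forbidden"
        except Unauthenticated:
            outcomes[name] = "unauthenticated"
    return outcomes


if __name__ == "__main__":
    member = User("member")                          # logged in, no special role
    admin = User("admin", frozenset({"Admin"}))
    print("vulnerable guard, member:", exercise(VULNERABLE_GUARD, member))
    print("fixed guard, member:     ", exercise(FIXED_GUARD, member))
    print("fixed guard, admin:      ", exercise(FIXED_GUARD, admin))
```

Under the authentication-only guard an ordinary member completes all four actions; under the role-checked guard the same member is refused on every one while an administrator still succeeds, which is the regression check worth keeping for privileged management endpoints.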

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2025-66397
GHSA-32VR-CH3P-WMR5

Affected Products

Churchcrm