PT-2025-52618 · Couchcms · Couchcms

Hiro · Published 2025-12-22 · Updated 2025-12-31 · CVE-2025-15005

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

CouchCMS versions up to 2.4

Description

A security issue exists in the reCAPTCHA Handler component of CouchCMS. The issue resides in an unknown function within the couch/config.example.php file. Manipulation of the arguments K_RECAPTCHA_SITE_KEY and K_RECAPTCHA_SECRET_KEY can lead to the use of a hard-coded cryptographic key. The attack can be launched remotely; it is characterized by high complexity, and exploitability is considered difficult. An exploit for this issue has been publicly released and may be used. Reports indicate offensive activities targeting this vulnerability.

Recommendations

Versions prior to 2.4 should be updated.
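A deployment check for the condition described above, as an added example that is not part of the advisory or of CouchCMS's own code: it reports which reCAPTCHA constants in a live config file (assumed here to be couch/config.php) still carry the values shipped in couch/config.example.php. It assumes the constants are set with string-literal define() calls; the file contents and key values below are constructed placeholders.

```python
import re

# Constants named in the advisory description.
RECAPTCHA_CONSTANTS = ("K_RECAPTCHA_SITE_KEY", "K_RECAPTCHA_SECRET_KEY")

# Matches: define( 'NAME', 'value' );  optionally commented out with // or #.
DEFINE_RE = re.compile(
    r"""^[ \t]*(?P<off>//|#)?[ \t]*define\(\s*(['"])(?P<name>\w+)\2\s*,"""
    r"""\s*(['"])(?P<value>.*?)\4\s*\)\s*;""",
    re.MULTILINE,
)


def parse_defines(php_text, include_commented=False):
    """Return {constant: value} for string-literal define() calls."""
    found = {}
    for m in DEFINE_RE.finditer(php_text):
        if m.group("off") and not include_commented:
            continue  # a commented-out define is not in effect
        found[m.group("name")] = m.group("value")
    return found


def shipped_keys_in_use(example_text, deployed_text):
    """Names of reCAPTCHA constants whose live value equals the shipped one."""
    # The example file may ship its keys commented out, so read those too.
    shipped = parse_defines(example_text, include_commented=True)
    active = parse_defines(deployed_text)
    return [
        name for name in RECAPTCHA_CONSTANTS
        if active.get(name) and active.get(name) == shipped.get(name)
    ]


# Constructed sample inputs (placeholder values, not real keys).
EXAMPLE_CONFIG = """<?php
    define( 'K_RECAPTCHA_SITE_KEY', 'EXAMPLE-SITE-KEY-PLACEHOLDER' );
    define( 'K_RECAPTCHA_SECRET_KEY', 'EXAMPLE-SECRET-KEY-PLACEHOLDER' );
"""
DEPLOYED_CONFIG = """<?php
    define( 'K_RECAPTCHA_SITE_KEY', 'OPERATOR-OWN-SITE-KEY' );
    define( "K_RECAPTCHA_SECRET_KEY", "EXAMPLE-SECRET-KEY-PLACEHOLDER" );
"""

if __name__ == "__main__":
    for name in shipped_keys_in_use(EXAMPLE_CONFIG, DEPLOYED_CONFIG):
        print(f"{name}: still set to the value shipped in config.example.php")
```

Any constant reported should be replaced with a key pair issued for the site's own reCAPTCHA registration.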

Related Identifiers: CVE-2025-15005

Affected Products: Couchcms