CVE 9.8 CRITICAL

CVE-2025-65276_CVE-2025-65276

December 1, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-07-02). Due to missing authentication checks on /admin_index.php, an attacker can directly access the admin dashboard without valid credentials. This allows full administrative control including viewing/modifying user accounts, managing orders, changing payments, and editing product listings. Successful exploitation can lead to information disclosure, data manipulation, and privilege escalation.

AI Analysis

Unauthenticated administrative access vulnerability in HashTech project

Basic Information

ID CVE-2025-65276

Source mitre

Published Nov 26, 2025 at 00:00

Modified Dec 1, 2025 at 19:15

Affected Product

Vendor henzljw

Product HashTech

Version 1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor henzljw

Product HashTech

Version 1.0

References

gist.github.com /whoisrushi/c3bfcd1adf96d80952edbd03d0310836

{
    "lastseen": "",
    "description": "An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-07-02). Due to missing authentication checks on /admin_index.php, an attacker can directly access the admin dashboard without valid credentials. This allows full administrative control including viewing/modifying user accounts, managing orders, changing payments, and editing product listings. Successful exploitation can lead to information disclosure, data manipulation, and privilege escalation.",
    "published": "2025-11-26T00:00:00.000Z",
    "modified": "2025-12-01T19:15:42.318Z",
    "type": "cve",
    "title": "CVE-2025-65276",
    "source": "mitre",
    "references": "https://gist.github.com/whoisrushi/c3bfcd1adf96d80952edbd03d0310836",
    "id": "CVE-2025-65276",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HashTech",
    "version": "1.0",
    "vendor": "henzljw",
    "ai_description": "Unauthenticated administrative access vulnerability in HashTech project",
    "ai_severity": "Critical",
    "ai_vendor": "henzljw",
    "ai_product": "HashTech",
    "ai_version": "1.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply