CVE-2025-65900_CVE-2025-65900

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

Basic Information

ID CVE-2025-65900

Source mitre

Published Dec 4, 2025 at 00:00

Modified Dec 5, 2025 at 20:30

Affected Product

Vendor n/a

Product n/a

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.",
    "published": "2025-12-04T00:00:00.000Z",
    "modified": "2025-12-05T20:30:46.450Z",
    "type": "cve",
    "title": "CVE-2025-65900",
    "source": "mitre",
    "references": "https://github.com/DifuseHQ/Kalmia\nhttps://github.com/Noxurge/CVE-2025-65900/blob/main/README.md",
    "id": "CVE-2025-65900",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n/a",
    "version": "n/a",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}