CVE 10 CRITICAL

ChurchCRM discloses database information on error message_CVE-2025-68110

December 17, 2025 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, username, and password. Version 6.5.3 fixes the issue.

AI Analysis

Database information disclosure vulnerability in ChurchCRM versions prior to 6.5.3

Basic Information

ID CVE-2025-68110

Source GitHub_M

Published Dec 17, 2025 at 21:33

Affected Product

Vendor ChurchCRM

Product CRM

Version < 6.5.3

Affected Versions ChurchCRM CRM < 6.5.3

CWE Classification

CWE-200 CWE-209

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor ChurchCRM

Product ChurchCRM

Version < 6.5.3

References

github.com /ChurchCRM/CRM/security/advisories/GHSA-82mq-xc2j-3qv2

{
    "lastseen": "",
    "description": "ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, username, and password. Version 6.5.3 fixes the issue.",
    "published": "2025-12-17T21:33:36.447Z",
    "modified": "2025-12-17T21:33:36.447Z",
    "type": "cve",
    "title": "ChurchCRM discloses database information on error message",
    "source": "GitHub_M",
    "references": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-82mq-xc2j-3qv2",
    "id": "CVE-2025-68110",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-209"
    ],
    "cvelist": null,
    "sourceData": "ChurchCRM CRM < 6.5.3",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CRM",
    "version": "< 6.5.3",
    "vendor": "ChurchCRM",
    "ai_description": "Database information disclosure vulnerability in ChurchCRM versions prior to 6.5.3",
    "ai_severity": "Critical",
    "ai_vendor": "ChurchCRM",
    "ai_product": "ChurchCRM",
    "ai_version": "< 6.5.3",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply