SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.

Basic Information

ID CVE-2025-71242

Source VulnCheck

Published Feb 19, 2026 at 14:58

Affected Product

Vendor SPIP

Product SPIP

Version 4.1.0

Affected Versions SPIP SPIP 4.1.0
SPIP SPIP 4.2.0
SPIP SPIP 4.3.0

References

{
    "lastseen": "",
    "description": "SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.",
    "published": "2026-02-19T14:58:14.582Z",
    "modified": "2026-02-19T14:58:14.582Z",
    "type": "cve",
    "title": "SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure",
    "source": "VulnCheck",
    "references": "https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-3-6.html\nhttps://git.spip.net/spip/spip\nhttps://www.vulncheck.com/advisories/spip-authorization-bypass-leading-to-content-disclosure",
    "id": "CVE-2025-71242",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "SPIP SPIP 4.1.0\nSPIP SPIP 4.2.0\nSPIP SPIP 4.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SPIP",
    "version": "4.1.0",
    "vendor": "SPIP",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure_CVE-2025-71242

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply