← Voltar para CVEs

CVE-2025-54134

MEDIUM

6.5

Descricao

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9.

Detalhes CVE

Pontuacao CVSS v3.16.5

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado7/21/2025

Ultima modificacao7/30/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

psu:haxcms-nodejs

Fraquezas (CWE)

CWE-20CWE-248CWE-703

Referencias

https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js#L22(security-advisories@github.com)

https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js#L52(security-advisories@github.com)

https://github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34(security-advisories@github.com)

https://github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.