CVE-2025-67004

MEDIUM

6.5

Descricao

** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is not a CouchCMS vulnerability and that if /\<file> is accessible it is a web-server configuration issue.

Detalhes CVE

Pontuacao CVSS v3.16.5

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado1/9/2026

Ultima modificacao1/23/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

couchcms:couchcms

Fraquezas (CWE)

CWE-22

Referencias

https://gist.github.com/thepiyushkumarshukla/d01f8004c43692f18c75548f4739955a(cve@mitre.org)

https://github.com/CouchCMS/CouchCMS(cve@mitre.org)

https://www.couchcms.com/(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.