← Voltar para CVEs

CVE-2026-25633

MEDIUM

4.3

Descricao

Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. This has been fixed in 5.73.6 and 6.2.5.

Detalhes CVE

Pontuacao CVSS v3.14.3

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado2/11/2026

Ultima modificacao2/18/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

statamic:statamic

Fraquezas (CWE)

CWE-862

Referencias

https://github.com/statamic/cms/commit/5a6f47246edf3a0c453727ffecbfa14333a6bc8a(security-advisories@github.com)

https://github.com/statamic/cms/releases/tag/v5.73.6(security-advisories@github.com)

https://github.com/statamic/cms/releases/tag/v6.2.5(security-advisories@github.com)

https://github.com/statamic/cms/security/advisories/GHSA-gwmx-9gcj-332h(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.