CVE-2025-65899

Sažetak

Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system.

Reference

https://github.com/DifuseHQ/Kalmia
https://github.com/Noxurge/CVE-2025-65899/blob/main/README.md

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

04-12-2025 - 22:15

Objavljeno

04-12-2025 - 22:15