Vulnerabilities

CVE-2025-63523

by Fred · 01/12/2025

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as “read-only.” An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.

More information : https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63523.md

Similar

Tags: Cybersecurity Alert