CVE-2025-11529

Medium CVSS: 6.9

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The patch is identified as 3a1cffd2aea63d884025949cfbcfd274d06216a4. A patch should be applied to remediate this issue.

Vendor

Churchcrm

Product

Churchcrm

CWE

CWE-287

Yayın Tarihi

2025-10-09 03:15:31

Güncelleme

2026-02-24 07:16:37

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-287 Churchcrm MEDIUM Churchcrm 2025

Referanslar

https://github.com/ChurchCRM/CRM/commit/3a1cffd2aea63d884025949cfbcfd274d06216a4 https://github.com/ChurchCRM/CRM/pull/7376 https://github.com/uartu0/advisories/blob/main/churchcrm-api-auth-bypass-2025.md https://vuldb.com/?ctiid.327667 https://vuldb.com/?id.327667 https://vuldb.com/?submit.669916 https://github.com/uartu0/advisories/blob/main/churchcrm-api-auth-bypass-2025.md

Benzer Kayıtlar

Medium

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type syst…

Low

CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated u…

High

CVE-2026-24854

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor…

High

CVE-2026-24855

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) v…

Low

CVE-2025-68399

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting…

Critical

CVE-2025-68400

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint `/Repo…