CVE-2025-63523

Medium CVSS: 6.5

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.

Vendor

Feehi

Product

Feehicms

CWE

CWE-125

Yayın Tarihi

2025-12-01 15:15:50

Güncelleme

2025-12-02 03:06:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-125 Feehicms MEDIUM Feehi 2025

Referanslar

https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63523.md https://github.com/liufee/cms/issues/77

Benzer Kayıtlar

Medium

CVE-2025-15264

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthum…

Medium

CVE-2025-65657

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1…

Medium

CVE-2025-63520

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fu…

Medium

CVE-2025-63522

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function