CVE-2025-65899

Medium CVSS: 5.3

Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system.

Vendor

Difuse

Product

Kalmia

CWE

CWE-204

Yayın Tarihi

2025-12-04 22:15:48

Güncelleme

2025-12-10 21:39:06

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-204 Kalmia MEDIUM Difuse 2025

Referanslar

https://github.com/DifuseHQ/Kalmia https://github.com/Noxurge/CVE-2025-65899/blob/main/README.md