CVE-2025-66906

Medium CVSS: 6.1

Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.

Vendor

Product

CWE

Yayın Tarihi

2025-12-19 16:15:58

Güncelleme

2026-01-02 19:57:50

Source Identifier

cve@mitre.org

KEV Date Added

CWE-352 Turms MEDIUM Turms-im 2025

https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66906_report.md https://github.com/turms-im/turms https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66906_report.md

Medium

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR…

High

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerabilit…

Medium

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authe…

Medium

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status qu…