CNNVD-202508-3590 Information

CNNVD ID

CNNVD-202508-3590

Related CVE

CVE-2025-4644

• CNNVD Published: 2025-08-29

Description (Chinese)

Payload是一个使用 TypeScript、Node.js、React 和 MongoDB 构建的 Headless CMS 和应用程序框架。 Payload存在授权问题漏洞，该漏洞源于SQLite适配器在账户创建期间标识符重用，可能导致会话固定攻击。

Description (English)

Payload is a Headless CMS and application framework built using TypeScript, Node.js, React and MongoDB. Payload had a mandate gap, which stemmed from the re-use of the SQLite adaptor during the creation of the account, which could lead to a fixed attack on the session.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

Payload

Published

2025-08-29

Last Modified

2026-02-24

References

https://payloadcms.com https://github.com/payloadcms/payload https://cert.pl/en/posts/2025/08/CVE-2025-4643 https://nvd.nist.gov/vuln/detail/CVE-2025-4644