CNNVD-202510-1369 Information

Oct 09, 2025 cve

CNNVD ID

CNNVD-202510-1369

CVE-2025-11529

CNNVD Published: 2025-10-09

Description (Chinese)

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 5.18.0及之前版本存在安全漏洞，该漏洞源于API Endpoint组件中AuthMiddleware函数缺少身份验证，可能导致远程攻击。

Description (English)

ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. There is a security loophole in ChurchCR 5.18.0 and earlier versions, which stems from the lack of identification of the Auth Middleware function in the API Endpoint component, which could lead to a remote attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ChurchCRM

Published

2025-10-09

Last Modified

2026-02-24

References

https://github.com/ChurchCRM/CRM/commit/3a1cffd2aea63d884025949cfbcfd274d06216a4 https://vuldb.com/?ctiid.327667 https://vuldb.com/?id.327667 https://github.com/uartu0/advisories/blob/main/churchcrm-api-auth-bypass-2025.md https://github.com/ChurchCRM/CRM/pull/7376 https://vuldb.com/?submit.669916

Share on: