CNNVD-202510-2557 Information

CNNVD ID

CNNVD-202510-2557

Related CVE

CVE-2025-11938

• CNNVD Published: 2025-10-19

Description (Chinese)

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 5.18.0及之前版本存在代码问题漏洞，该漏洞源于对文件setup/routes/setup.php中参数DB_PASSWORD/ROOT_PATH/URL的错误操作，可能导致反序列化攻击。

Description (English)

ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. ChurchCRM 5.18.0 and previous versions had a code problem loophole, which stemmed from an error in the operation of the parameter DB PASSWORD/ROOT PATH/URL in the filesetup/routes/setup.php, which could lead to a back-serialization attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

ChurchCRM

Published

2025-10-19

Last Modified

2026-02-24

References

https://vuldb.com/?id.329014 https://github.com/uartu0/advisories/blob/main/churchcrm-setup-rce-2025.md https://vuldb.com/?ctiid.329014 https://vuldb.com/?submit.671083 https://access.redhat.com/security/cve/cve-2025-11938

Patch

https://github.com/ChurchCRM/CRM/releases