CNNVD-202512-2587 Information
CNNVD ID
CNNVD-202512-2587
Related CVE
- CNNVD Published: 2025-12-14
Description (Chinese)
DecoCMS是deco CMS开源的一个内容管理系统。 DecoCMS 1.0.0-alpha.31及之前版本存在访问控制错误漏洞,该漏洞源于对文件packages/sdk/src/mcp/teams/api.ts中参数domain的错误操作,可能导致访问控制不当。
Description (English)
DecoCMS is an open-source content management system for deco CMS. There is an access control error gap in DecoCMS 1.0.0-alpha.31 and earlier versions, which stems from an error in the use of the parameters domain in the document packages/sdk/src/mcp/teams/api.ts, which may lead to inappropriate access controls.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
deco CMS
Published
2025-12-14
Last Modified
2026-02-24
References
https://github.com/decocms/mesh/commit/5f7315e05852faf3a9c177c0a34f9ea9b0371d3d https://github.com/decocms/mesh/pull/1967#issuecomment-3622379237 https://vuldb.com/?ctiid.336392 https://vuldb.com/?submit.713741 https://vuldb.com/?id.336392 https://github.com/decocms/mesh/pull/1967#issue-3700934099 https://github.com/decocms/mesh/releases/tag/runtime-v1.0.0-alpha.32 https://access.redhat.com/security/cve/cve-2025-14660
Patch
https://github.com/decocms/mesh/releases
Share on: