CNNVD-202512-3121 Information

CNNVD ID

CNNVD-202512-3121

Related CVE

CVE-2025-67874

• CNNVD Published: 2025-12-16

Description (Chinese)

ChurchCRM是ChurchCRM开源的一个为教会打造的开源 CRM 系统。 ChurchCRM 6.5.0之前版本存在安全漏洞，该漏洞源于明文密码回显问题，可能导致凭据泄露。

Description (English)

ChurchCRM is an open-source CRM system for the Church, which is an open-source source of ChunchCRM. A security loophole existed in the pre-CurchCRM 6.5.0 version, which stemmed from the problem of explicit password resonance and could lead to the disclosure of evidence.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ChurchCRM

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/ChurchCRM/CRM/commit/2d6cf7aed9af1b9b47e125d1a2266f8e2a88f3fd https://github.com/ChurchCRM/CRM/security/advisories/GHSA-p98h-5xcj-5c6x https://access.redhat.com/security/cve/cve-2025-67874

Patch

https://github.com/ChurchCRM/CRM/releases