CNNVD-202512-3725 Information

CNNVD ID

CNNVD-202512-3725

Related CVE

CVE-2025-66906

• CNNVD Published: 2025-12-19

Description (Chinese)

turms是turms-im开源的一个即时通讯引擎。 turms v0.10.0-SNAPSHOT及之前版本存在安全漏洞，该漏洞源于跨站请求伪造，可能导致权限提升。

Description (English)

Turms is an instant communication engine for the turms-im open source. There is a security loophole in the turms v. 0.10.0-SNAPSHOT and earlier versions, which stems from the forgery of cross-site requests, which may lead to increased access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

turms-im

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66906_report.md https://github.com/turms-im/turms https://access.redhat.com/security/cve/cve-2025-66906