CNNVD-202512-3727 Information

CNNVD ID

CNNVD-202512-3727

Related CVE

CVE-2025-66910

• CNNVD Published: 2025-12-19

Description (Chinese)

turms是turms-im开源的一个即时通讯引擎。 turms v0.10.0-SNAPSHOT及之前版本存在安全漏洞，该漏洞源于管理员密码以明文存储，可能导致密码泄露。

Description (English)

Turms is an instant communication engine for the turms-im open source. There is a security loophole in the turms v. 0.10.0-SNAPSHOT and earlier versions, which originates from the administrator ’ s password for express storage and may lead to a leak.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

turms-im

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66910_report.md https://github.com/turms-im/turms https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java/im/turms/server/common/domain/admin/bo/AdminInfo.java#L34 https://github.com/turms-im/turms/blob/develop/turms-server-common/src/main/java/im/turms/server/common/domain/admin/service/BaseAdminService.java#L237 https://access.redhat.com/security/cve/cve-2025-66910