CNNVD-202512-3729 Information
CNNVD ID
CNNVD-202512-3729
Related CVE
- CNNVD Published: 2025-12-19
Description (Chinese)
turms是turms-im开源的一个即时通讯引擎。 turms v0.10.0-SNAPSHOT及之前版本存在安全漏洞,该漏洞源于用户在线状态查询功能中访问控制不当,可能导致信息泄露。
Description (English)
Turms is an instant communication engine for the turms-im open source. There is a security loophole in the turms v. 0.10.0-SNAPSHOT and previous versions, which stems from inadequate access controls in the user online status query, which may lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
turms-im
Published
2025-12-19
Last Modified
2026-02-24
References
https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66911_report.md https://github.com/turms-im/turms https://github.com/turms-im/turms/blob/develop/turms-service/src/main/java/im/turms/service/domain/user/access/servicerequest/controller/UserServiceController.java#L239 https://access.redhat.com/security/cve/cve-2025-66911
Share on: