CVE-2025-29036 Information

Description

An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component.

Reference

https://github.com/HypeDuke/vulnerable-research/blob/main/CVE-2025-29036 https://github.com/sahat/hackathon-starter/issues/1326 https://github.com/sahat/hackathon-starter/pull/1328