CVE-2025-54129

Exploit

EPSS 0.04%
Veröffentlicht 21.07.2025 20:53:26
Zuletzt bearbeitet 22.08.2025 15:21:08
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting the data of an invalid user. This can be used to infer the existence of valid user accounts. An authenticated attacker can use automated tooling to brute force potential usernames and use the application's response to identify valid accounts. This can be used in conjunction with other vulnerabilities, such as the lack of authorization checks, to enumerate and deface another user's sites. This is fixed in version 11.0.5.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Psu ≫ Haxiam Version < 11.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.123

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://github.com/haxtheweb/issues/security/advisories/GHSA-wh3h-vfcv-m5g5

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-54129

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54129

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54129

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-54129