Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.
{
"cwe_ids": [
"CWE-284",
"CWE-78"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62713.json",
"cna_assigner": "GitHub_M"
}{
"extracted_events": [
{
"introduced": "3.2.0"
},
{
"fixed": "3.3.2"
},
{
"introduced": "0"
}
],
"source": [
"AFFECTED_FIELD",
"DESCRIPTION",
"REFERENCES"
]
}