CVE-2025-65900

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-65900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65900
Published
2025-12-04T22:15:49.127Z
Modified
2026-03-13T03:41:26.625276Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

References

Affected packages

Git / github.com/DifuseHQ/Kalmia

Affected ranges

Type
GIT
Repo
https://github.com/DifuseHQ/Kalmia
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1bc059450c3901b17e1be99209965b12f6d163e4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.0"
        }
    ]
}

Affected versions

0.*
0.0.1
0.0.2
0.1.0
0.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65900.json"