CVE-2025-67004

Source
https://cve.org/CVERecord?id=CVE-2025-67004
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67004.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67004
Published
2026-01-09T00:00:00Z
Modified
2026-07-08T08:12:43.889736159Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is not a CouchCMS vulnerability and that if /<file> is accessible it is a web-server configuration issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67004.json",
    "cna_assigner": "mitre",
    "isDisputed": true
}
References

Affected packages

Git / github.com/couchcms/couchcms

Affected ranges

Type
GIT
Repo
https://github.com/couchcms/couchcms
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:couchcms:couchcms:2.4:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.4"
        },
        {
            "last_affected": "2.4"
        }
    ]
}

Affected versions

2.*
2.4
v2.*
v2.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67004.json"