DEBIAN-CVE-2025-71242

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-71242

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-71242.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-71242

Upstream

CVE-2025-71242

Published

2026-02-19T16:27:12.113Z

Modified

2026-03-17T02:52:31.823905Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.

References

https://security-tracker.debian.org/tracker/CVE-2025-71242

Affected packages

Debian:11 / spip

Package

Name: spip
Purl: pkg:deb/debian/spip?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.11-3

3.2.11-3+deb11u1

3.2.11-3+deb11u2

3.2.11-3+deb11u3

3.2.11-3+deb11u4

3.2.11-3+deb11u5

3.2.11-3+deb11u6

3.2.11-3+deb11u7

3.2.11-3+deb11u8

3.2.11-3+deb11u9

3.2.11-3+deb11u10

3.2.12-1

4.*

4.0.1-1

4.0.2-1

4.0.4-1

4.0.5-1

4.1.0~alpha+dfsg-1

4.1.0~beta+dfsg-1

4.1.0~rc+dfsg-1

4.1.1+dfsg-1

4.1.2+dfsg-1

4.1.5+dfsg-1

4.1.7+dfsg-1

4.1.8+dfsg-1

4.1.9+dfsg-1

4.1.10+dfsg-1

4.1.11+dfsg-1

4.1.12+dfsg-1

4.1.13+dfsg-1

4.1.15+dfsg-1

4.1.15+dfsg-2

4.2.2+dfsg-1

4.2.3+dfsg-1

4.2.4+dfsg-1

4.2.5+dfsg-1

4.2.6+dfsg-1

4.2.7+dfsg-1

4.2.8+dfsg-1

4.2.9+dfsg-1

4.2.9+dfsg-2

4.2.10+dfsg-1

4.2.11+dfsg-1

4.2.12+dfsg-1

4.2.13+dfsg-1

4.2.14+dfsg-1

4.3.0~alpha+dfsg-1

4.3.0~alpha.2+dfsg-1

4.3.0~beta+dfsg-1

4.3.0+dfsg-1

4.3.1+dfsg-1

4.3.2+dfsg-1

4.3.3+dfsg-1

4.3.4+dfsg-1

4.3.5+dfsg-1

4.3.6+dfsg-1

4.3.8+dfsg-1

4.4.2+dfsg-1

4.4.3+dfsg-1

4.4.4+dfsg-1

4.4.5+dfsg-1

4.4.6+dfsg-1

4.4.7+dfsg-1

4.4.8+dfsg-1

4.4.9+dfsg-1

4.4.10+dfsg-1

4.4.11+dfsg-1

4.4.13+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-71242.json"

Debian:13 / spip

Package

Name: spip
Purl: pkg:deb/debian/spip?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.6+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-71242.json"

Debian:14 / spip

Package

Name: spip
Purl: pkg:deb/debian/spip?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.6+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-71242.json"