CouchCMS
CVE-2025-15005
LOW
Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded cryptographic key . It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks.
AnalysisAI
CouchCMS versions up to 2.4 use hard-coded cryptographic keys in the reCAPTCHA handler configuration, allowing remote attackers with high complexity to conduct information disclosure attacks against the reCAPTCHA mechanism. The vulnerability stems from improper handling of K_RECAPTCHA_SITE_KEY and K_RECAPTCHA_SECRET_KEY parameters in couch/config.example.php, and publicly available exploit code exists, though real-world exploitation probability remains low (EPSS 0.06%).
Technical ContextAI
CouchCMS implements reCAPTCHA integration through a configuration file (couch/config.example.php) that handles the reCAPTCHA API keys. The vulnerability occurs in the reCAPTCHA Handler component, which processes K_RECAPTCHA_SITE_KEY and K_RECAPTCHA_SECRET_KEY arguments. The underlying issue is CWE-320 (Key Management Errors), specifically the use of hard-coded cryptographic keys rather than dynamically configured or securely managed credentials. This allows an attacker to predict or know the cryptographic material used to validate reCAPTCHA responses, potentially bypassing or spoofing CAPTCHA verification. The PHP-based application relies on these keys for server-side reCAPTCHA validation logic.
RemediationAI
Upgrade CouchCMS to version 2.5 or later if a patched version is available; however, patch availability has not been independently confirmed from vendor sources. As an immediate compensating control, administrators should manually configure unique and non-predictable K_RECAPTCHA_SITE_KEY and K_RECAPTCHA_SECRET_KEY values in the production couch/config.php file (not the example config), ensuring these keys are generated fresh from the Google reCAPTCHA console and never derived from example or default values. Implement environment-based configuration management where reCAPTCHA keys are stored as server environment variables or secure vaults rather than in source-controlled files. Verify that the couch/config.example.php file is not exposed to web-accessible directories and restrict file permissions to prevent unauthorized reading. Monitor reCAPTCHA challenge logs for anomalous patterns or repeated failures that might indicate exploitation attempts.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (C
Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection thro
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
Same weakness CWE-320 – Key Management Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today