CVE-2025-63523

EUVD-2025-200001 | MEDIUM 6.5 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 13:34 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 13:34 (euvd), EUVD-2025-200001
PoC Detected: Dec 02, 2025 - 03:06 (vuln.today), public exploit code
CVE Published: Dec 01, 2025 - 15:15 (nvd), MEDIUM 6.5

Description

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.
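The server-side check the description says is missing, shown beside the flawed pattern. This is an added example, not FeehiCMS code: the field names, the in-memory record and both function names are hypothetical.

```python
import logging

log = logging.getLogger("profile")

# Hypothetical field sets: what a user may edit, and what the form shows as read-only.
EDITABLE_FIELDS = {"email", "display_name"}
IMMUTABLE_FIELDS = {"id", "username"}


class ImmutableFieldError(ValueError):
    """Raised when a request tries to change a server-side immutable field."""


def naive_profile_update(stored: dict, submitted: dict) -> dict:
    """Flawed pattern: every submitted key is trusted, read-only or not."""
    updated = dict(stored)
    updated.update(submitted)
    return updated


def apply_profile_update(stored: dict, submitted: dict, actor: str) -> dict:
    """Return an updated copy of `stored` built only from allowlisted fields."""
    for field in IMMUTABLE_FIELDS & submitted.keys():
        if str(submitted[field]) != str(stored[field]):
            # The UI never lets this value change, so a difference means the
            # request was edited after it left the form: reject and log it.
            log.warning("user=%s tried to change immutable field %s", actor, field)
            raise ImmutableFieldError(field)
    unknown = submitted.keys() - EDITABLE_FIELDS - IMMUTABLE_FIELDS
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    updated = dict(stored)
    for field in EDITABLE_FIELDS & submitted.keys():
        updated[field] = submitted[field]
    return updated


# Constructed sample data: a stored record and a request with the username altered.
STORED = {"id": 7, "username": "alice", "email": "a@example.test", "display_name": "Alice"}
TAMPERED = {"id": "7", "username": "admin2", "email": "new@example.test"}

if __name__ == "__main__":
    print("naive  :", naive_profile_update(STORED, TAMPERED)["username"])
    try:
        apply_profile_update(STORED, TAMPERED, actor="alice")
    except ImmutableFieldError as exc:
        print("checked: rejected change to", exc)
```
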

Technical Context

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).

Affected Products

Affected products: Feehi Feehicms 2.1.1

Remediation

Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

Priority Score

53
KEV: 0
EPSS: +0.1
CVSS: +32
POC: +20
