How to fix CVE-2025-65900?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Kalmia affected by CVE-2025-65900?

Organizations using Kalmia CMS version 0.2.0 should be aware of notable risk from CVE-2025-65900, a incorrect authorization vulnerability rated CVSS 6.5. Attackers could gain access beyond their authorized level. Proof-of-concept code is publicly available.

CVE-2025-65900

EUVD-2025-201310 MEDIUM

2025-12-04 [email protected]

Authentication Bypass Information Disclosure Kalmia

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201310

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 10, 2025 - 21:38 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 22:15 nvd

MEDIUM 6.5

DescriptionNVD

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

AnalysisAI

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Incorrect Authorization (CWE-863).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-65900 vulnerability details – vuln.today

Back

CVE-2025-65900

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code