What is the CVSS score of CVE-2025-65900?

CVE-2025-65900 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Kalmia are affected by CVE-2025-65900?

Organizations using Kalmia CMS version 0.2.0 should be aware of notable risk from CVE-2025-65900, a incorrect authorization vulnerability rated CVSS 6.5.

Is there a public PoC exploit available for CVE-2025-65900?

Yes, a public proof-of-concept exploit is available for CVE-2025-65900. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-65900?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Kalmia CVE-2025-65900

EUVD-2025-201310 MEDIUM

Incorrect Authorization (CWE-863)

2025-12-04 cve@mitre.org

Authentication Bypass Information Disclosure Kalmia

6.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201310

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 10, 2025 - 21:38 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 22:15 nvd

MEDIUM 6.5

DescriptionCVE.org

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

Analysis

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Incorrect Authorization (CWE-863).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-65900 vulnerability details – vuln.today

Back

Kalmia CVE-2025-65900

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code