What is the CVSS score of EUVD-2025-32505?

EUVD-2025-32505 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Phpmyfaq are affected by EUVD-2025-32505?

Organizations using phpMyFAQ face notable risk from CVE-2025-59943, a improper access control vulnerability rated CVSS 8.1.. A patch is available.

Is there a public PoC exploit available for EUVD-2025-32505?

Yes, a public proof-of-concept exploit is available for EUVD-2025-32505. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-32505?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Phpmyfaq EUVD-2025-32505

| CVE-2025-59943 HIGH

Improper Access Control (CWE-284)

2025-10-03 security-advisories@github.com

GHSA-9wj2-4hcm-r74j

Authentication Bypass Privilege Escalation Phpmyfaq

8.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.1 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32505

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

PoC Detected

Oct 10, 2025 - 16:35 vuln.today

Public exploit code

Patch released

Oct 10, 2025 - 16:35 nvd

Patch available

CVE Published

Oct 03, 2025 - 21:15 nvd

HIGH 8.1

DescriptionGitHub Advisory

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.

Analysis

Technical ContextAI

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Improper Access Control (CWE-284).

RemediationAI

A vendor patch is available — apply it immediately. Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

EUVD-2025-32505 vulnerability details – vuln.today

Back