Orangehrm

6 CVEs product


CVE-2025-66291 MEDIUM PATCH This Month

OrangeHRM is a comprehensive human resource management (HRM) system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Tags: Information Disclosure, Orangehrm
References: NVD, GitHub
CVSS 4.0: 5.3 | EPSS: 0.0%

CVE-2025-66290 MEDIUM This Month

OrangeHRM is a comprehensive human resource management (HRM) system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Tags: Information Disclosure, Orangehrm
References: NVD, GitHub
CVSS 4.0: 5.3 | EPSS: 0.0%

CVE-2025-66289 HIGH This Week

OrangeHRM is a comprehensive human resource management (HRM) system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Tags: Authentication Bypass, Orangehrm
References: NVD, GitHub
CVSS 4.0: 8.7 | EPSS: 0.1%

CVE-2025-66225 HIGH This Week

OrangeHRM is a comprehensive human resource management (HRM) system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Tags: Information Disclosure, Orangehrm
References: NVD, GitHub
CVSS 4.0: 8.7 | EPSS: 0.0%

CVE-2025-66224 CRITICAL Act Now

OrangeHRM is a comprehensive human resource management (HRM) system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Tags: RCE, Code Injection, Orangehrm
References: NVD, GitHub
CVSS 4.0: 9.0 | EPSS: 0.1%

CVE-2025-44040 HIGH This Month

An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via UserService.php and the checkForOldHash function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Tags: PHP, Privilege Escalation, Orangehrm
References: NVD, GitHub
CVSS 3.1: 7.2 | EPSS: 0.3%

