CVE-2025-65094 in WBCEinfo

Zusammenfassung

von MITRE • 19.11.2025

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

17.11.2025

Veröffentlichung

19.11.2025

Moderieren

akzeptiert

Eintrag

VDB-333022

CPE

bereit

CWE

CWE-266 (bestätigt)

CVSS

8.8 (NVD)

EPSS

0.00064

KEV

nein

Aktivitäten

very low

Sektor

Lawfirm, Hostingprovider, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-65094
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-65094
CVE Details	https://www.cvedetails.com/cve/CVE-2025-65094/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!