CVE-2025-70963 in Gophishinfo

Zusammenfassung

von MITRE • 06.02.2026

Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

MITRE

Reservieren

09.01.2026

Veröffentlichung

06.02.2026

Moderieren

akzeptiert

Eintrag

VDB-344734

CPE

bereit

CWE

CWE-284 (bestätigt)

CVSS

7.6 (CISA-ADP)

EPSS

0.00017

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-70963
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-70963
CVE Details	https://www.cvedetails.com/cve/CVE-2025-70963/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!