{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2653","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-22T08:12:18.072Z","datePublished":"2025-03-23T15:31:10.397Z","dateUpdated":"2025-03-24T12:18:51.439Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-23T15:31:10.397Z"},"title":"FoxCMS improper authorization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-285","lang":"en","description":"Improper Authorization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"n/a","product":"FoxCMS","versions":[{"version":"1.25","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in FoxCMS 1.25 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Eine Schwachstelle wurde in FoxCMS 1.25 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess. Mittels dem Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2025-03-22T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-22T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-22T09:17:32.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"beize (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.300668","name":"VDB-300668 | FoxCMS improper authorization","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.300668","name":"VDB-300668 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.519927","name":"Submit #519927 | https://www.foxcms.cn/ FOXcms V1.25 Unauthorized vulnerabilities","tags":["third-party-advisory"]},{"url":"https://www.yuque.com/yuqueyonghuveuwuh/aveeid/nvg6rd3qw1ww83yo?singleDoc","tags":["broken-link","exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-24T12:18:43.398508Z","id":"CVE-2025-2653","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-24T12:18:51.439Z"}}]}}