CVE-2025-22973

Published: Feb 20, 2025Modified: Jun 18, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response content.

Affected (1)

Products: Qibosoft: Qibocms X1

Qibosoft

1 product

Qibocms X1

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qibosoft Qibocms X1	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://github.com/202110420106/CVE/blob/master/CVE-2025-22973.md

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.