CVE-2025-54761

Published: Sep 19, 2025Modified: Sep 25, 2025

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.

Affected (1)

Products: Yandaozi: Ppress

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yandaozi Ppress	Version 0.0.9 beta

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (2)

https://github.com/quarter77/PPress-CMS_vulnerability_chain_details/blob/main/CVE-2025-54761%20Details.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/yandaozi/PPress/releases/tag/v0.0.9-beta

Source: cve@mitre.org

Release Notes

Timeline

No history available yet.