← Back

CVE-2025-66397

nvd nist
Published: Dec 17, 2025Modified: Dec 18, 2025

JSON object

Loading...
8.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Exploitability: 2.8 / Impact: 5.5
Source: security-advisories@github.com (Secondary)

Description

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and perform other Kiosk Manager actions such as reload and identify. Version 6.5.3 fixes the issue.

Affected (1)

Products: Churchcrm: Churchcrm
Churchcrm
1 product
Churchcrm
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Churchcrm
Before 6.5.3

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.