CVE-2025-68110

Published: Dec 17, 2025Modified: Dec 18, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, username, and password. Version 6.5.3 fixes the issue.

Affected (1)

Products: Churchcrm: Churchcrm

Churchcrm

1 product

Churchcrm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Churchcrm Churchcrm	Before 6.5.3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-82mq-xc2j-3qv2

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-82mq-xc2j-3qv2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.