← Back

CVE-2025-71242

nvd nist
Published: Feb 19, 2026Modified: Mar 2, 2026

JSON object

Loading...
5.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.

Affected (3)

Products: Spip: Spip
Spip
1 product
Spip
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Spip
Spip
From 4.1.0 to 4.1.20
Spip
From 4.2.0 to 4.2.17
Spip
From 4.3.0 to 4.3.6

Related CWEs

CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (3)

Source: disclosure@vulncheck.com
Broken Link
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.