CVE-2025-65900 - Vulnerability Details

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kalmia	Kalmia Cms

No data.

References

Link	Providers
https://github.com/DifuseHQ/Kalmia
https://github.com/Noxurge/CVE-2025-65900/blob/main/README.md

History

Fri, 05 Dec 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Kalmia Kalmia kalmia Cms
Vendors & Products		Kalmia Kalmia kalmia Cms

Thu, 04 Dec 2025 21:30:00 +0000

Type	Values Removed	Values Added
Description		Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.
References		https://github.com/DifuseHQ/Kalmia https://github.com/Noxurge/CVE-2025-65900/blob/main/README.md

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-12-04T00:00:00.000Z

Updated: 2025-12-04T21:16:26.421Z

Reserved: 2025-11-18T00:00:00.000Z

Link: CVE-2025-65900

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-04T22:15:49.127

Modified: 2025-12-04T22:15:49.127

Link: CVE-2025-65900

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object