CVE-2025-13576 MEDIUM

CVE-2025-13576: code-projects Blog Site admin.php improper authorization

Vendor Code-Projects

Product Blog Site

Weakness CWE-285

Published November 24, 2025

Last update November 24, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints are affected.

Key dates

02Disclosure timeline

November 24, 2025 CVE published

November 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13576 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2026-30870 Some sync filters in PowerSync Service ignored using `config.edition: 3` CVE-2025-10318 JeecgBoot WebSocket Message sendWebSocketMsg improper authorization CVE-2022-31167 XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference CVE-2024-39417 An unauthorized user can export the Shipping Report CVE-2025-53106 Graylog vulnerable to privilege escalation through API tokens