CVE-2025-2638 MEDIUM

CVE-2025-2638: JIZHICMS Article release.html improper authorization

Vendor N/A
Product JIZHICMS
Weakness CWE-285
Published March 23, 2025
Last update March 24, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 23, 2025 CVE published
March 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-39342 OpenFGA Authorization Bypass CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details CVE-2024-7851 SourceCodester Yoga Class Registration System Add User Users.php improper authorization CVE-2026-34056 OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data