What the vulnerability does
01 Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bogdan Bendziukov Squeeze squeeze allows Retrieve Embedded Sensitive Data. This issue affects Squeeze: from n/a through <= 1.6.
Explanation of Vulnerability in Simple Terms
02 Summary
Squeeze versions 1.6 and earlier contain an exposure of sensitive information to an authenticated high-privilege user. An attacker with administrative access can read data that should be restricted. The vulnerability requires network access and high-level privileges but no user interaction. Update to version 1.7 or later to remediate.
What an attacker can do
03 Attacker Capabilities
Read sensitive data restricted to other users or components.
Potential impact on your site
04 Site Impact
Administrators with malicious intent can access confidential information they should not see.
Conditions required to exploit
05 Prerequisites
Attacker must have high-level administrative privileges on the site.
Key dates
06 Disclosure timeline
April 9, 2025: CVE published
April 28, 2026: Record updated