CVE-2025-55301 MEDIUM

CVE-2025-55301: The Scratch Channel Allows Username Modification

Vendor The-Scratch-Channel
Product the-scratch-channel.github.io
Weakness CWE-20 · Input validation
Published August 25, 2025
Last update August 25, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.

Key dates

02Disclosure timeline

August 25, 2025 CVE published
August 25, 2025 Record updated