CVE-2025-68110 CRITICAL

CVE-2025-68110: ChurchCRM discloses database information on error message

Vendor Churchcrm

Product CRM

Weakness CWE-200 · Info exposure

Published December 17, 2025

Last update December 18, 2025

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, username, and password. Version 6.5.3 fixes the issue.

Key dates

02Disclosure timeline

December 17, 2025 CVE published

December 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-68110 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2025-68110: ChurchCRM discloses database information on error message

01Description

02Disclosure timeline

03References

04Related CVE