Overview
CVE-2025-65900 identifies an access control vulnerability in Kalmia CMS version 0.2.0. The issue, classified as Incorrect Access Control, resides in the /kal-api/auth/users API endpoint. Any authenticated user, including one holding only basic read permissions, can retrieve the records of every user on the platform. The root cause is twofold: the backend checks that the caller is authenticated but not that the caller is authorized to list users, and the response returns far more user data than a non-administrator should ever see.
Technical Details
The vulnerability stems from an insufficient access control check on the /kal-api/auth/users endpoint. A standard authenticated user should only be able to read their own account data, but because the endpoint never compares the caller's role against the privilege the listing requires, there is nothing to bypass: the same request that an administrator would send returns the same comprehensive list of users and their associated details to any valid account. The backend does not enforce role-based access control on this route, so a low-privileged user can enumerate every account, including administrators, and read fields that should be restricted.
An attacker can exploit this by:
- Authenticating to the Kalmia CMS with a valid, low-privileged user account.
- Sending a GET request to the /kal-api/auth/users endpoint with that account's token.
- Receiving a response containing sensitive data for all users on the platform.
Example API Request (Illustrative):
GET /kal-api/auth/users HTTP/1.1
Host: your-kalmia-cms-instance.com
Authorization: Bearer [Valid User Token]
Example Vulnerable Response (Illustrative):
[
{
"id": "user123",
"username": "admin",
"email": "admin@example.com",
"role": "administrator",
"other_sensitive_data": "..."
},
{
"id": "user456",
"username": "regularuser",
"email": "regularuser@example.com",
"role": "user",
"other_sensitive_data": "..."
},
...
]
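The request and response above show what the client sees; the following Go program, added here as an illustration and not taken from the Kalmia code base, shows the corresponding server-side difference. The user table, the token-to-user map, the field names and the handler names are all constructed for the example. The vulnerable handler does exactly what the advisory describes: it checks that a bearer token is valid and then serialises every user. The hardened handler keeps the same route but returns the full listing only to administrators and only the caller's own record to everyone else, and it keeps the password hash out of the JSON regardless of role.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// User is a hypothetical account record; the field names follow the advisory's
// illustrative response and are an assumption, not Kalmia's real schema.
type User struct {
	ID           string `json:"id"`
	Username     string `json:"username"`
	Email        string `json:"email"`
	Role         string `json:"role"`
	PasswordHash string `json:"-"` // never serialised, whatever the caller's role
}

// Constructed sample directory standing in for the CMS user table.
var users = []User{
	{ID: "user123", Username: "admin", Email: "admin@example.com", Role: "administrator", PasswordHash: "hash-a"},
	{ID: "user456", Username: "regularuser", Email: "regularuser@example.com", Role: "user", PasswordHash: "hash-b"},
}

// tokens maps bearer tokens to user IDs (constructed; a real service would
// verify a signed JWT or a server-side session rather than a lookup table).
var tokens = map[string]string{"tok-admin": "user123", "tok-user": "user456"}

// caller resolves the Authorization header to a User; ok is false when the
// request carries no valid "Bearer <token>" header.
func caller(r *http.Request) (User, bool) {
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, "Bearer ") {
		return User{}, false
	}
	id, ok := tokens[strings.TrimPrefix(h, "Bearer ")]
	if !ok {
		return User{}, false
	}
	for _, u := range users {
		if u.ID == id {
			return u, true
		}
	}
	return User{}, false
}

// vulnerableListUsers reproduces the class of flaw in the advisory: the only
// check is "is the caller authenticated?", so any valid token gets every account.
func vulnerableListUsers(w http.ResponseWriter, r *http.Request) {
	if _, ok := caller(r); !ok {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(users)
}

// hardenedListUsers adds the missing authorization step: administrators get
// the full listing, everyone else gets exactly their own record.
func hardenedListUsers(w http.ResponseWriter, r *http.Request) {
	c, ok := caller(r)
	if !ok {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	if c.Role == "administrator" {
		json.NewEncoder(w).Encode(users)
		return
	}
	json.NewEncoder(w).Encode([]User{c})
}

// call drives a handler with an in-memory request and decodes the JSON body so
// the two behaviours can be compared without a running server.
func call(h http.HandlerFunc, token string) (int, []User) {
	req := httptest.NewRequest(http.MethodGet, "/kal-api/auth/users", nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	var out []User
	if rec.Code == http.StatusOK {
		_ = json.Unmarshal(rec.Body.Bytes(), &out)
	}
	return rec.Code, out
}

func main() {
	code, out := call(vulnerableListUsers, "tok-user")
	fmt.Printf("vulnerable handler, low-privilege token: status %d, %d record(s)\n", code, len(out))
	code, out = call(hardenedListUsers, "tok-user")
	fmt.Printf("hardened handler, low-privilege token: status %d, %d record(s)\n", code, len(out))
}
```

The point to take from the comparison is that both handlers reject unauthenticated requests, so a test that only checks for a 401 on a missing token would pass against the vulnerable version; the regression test worth keeping is the one that sends a valid non-administrator token and asserts that the response contains no account other than the caller's.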
CVSS Analysis
Currently, a CVSS score has not been assigned to CVE-2025-65900. However, based on the nature of the vulnerability – unauthorized access to sensitive user data – it is likely to receive a score in the Medium to High range once evaluated. The lack of a score at this time does not diminish the severity of the risk it poses.
Possible Impact
The exploitation of CVE-2025-65900 can have significant consequences:
- Data Breach: Exposure of user emails, usernames, and potentially other sensitive user-related information.
- Targeting of Privileged Accounts: The listing reveals which accounts are administrators, together with their usernames and e-mail addresses, giving an attacker a ready-made target list for phishing, password guessing, credential stuffing or other follow-on attacks against the accounts that matter most.
- Account Takeover: If the response also contains credential material such as password hashes, API keys or session tokens, that material can be used directly to compromise user accounts.
- Reputational Damage: A data breach can severely damage the reputation and trustworthiness of the organization using the affected Kalmia CMS instance.
- Compliance Violations: Data breaches can lead to violations of data privacy regulations (e.g., GDPR, CCPA) resulting in potential fines and legal repercussions.
Mitigation or Patch Steps
The primary mitigation is to upgrade to a version of Kalmia CMS in which the /kal-api/auth/users endpoint enforces a role check; consult the project's repository and release notes for the fixed version. Until the upgrade is in place, consider the following temporary measures:
- Restrict Access: At the reverse proxy or firewall in front of the CMS, allow requests to the /kal-api/auth/users endpoint only from an allowlist of administrator source addresses and deny everything else. Network-level controls cannot see the caller's role, so this restriction is by IP address only; enforcing the role itself requires the application fix. This is a workaround and does not replace the patch.
- Web Application Firewall (WAF): Deploy a WAF rule that blocks requests to the /kal-api/auth/users path from sources outside that allowlist. As with the proxy rule, a WAF that does not inspect the bearer token cannot distinguish an administrator's request from a regular user's, so it reduces exposure rather than closing the hole.
- Monitor Logs: Continuously review application logs for the /kal-api/auth/users endpoint and alert on any successful (2xx) response to a principal that is not an administrator, since on an unpatched 0.2.0 instance every such response is a disclosure of the full user list.
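The log-monitoring step above is straightforward to automate once the log format is known. The Go program below is an added example, not part of the advisory or of Kalmia; the key=value log format, the sample lines and the administrator set are all constructed for the example, so the parser has to be adapted to whatever your instance actually emits. It flags every successful read of /kal-api/auth/users by a non-administrator and counts them per principal, so that both a single disclosure and a repeated enumeration stand out.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample log lines in a hypothetical key=value format. The format is an
// assumption for the example; Kalmia's real access-log layout is not documented here.
const sampleLog = `2025-01-15T10:02:11Z user=user123 method=GET path=/kal-api/auth/users status=200
2025-01-15T10:03:40Z user=user456 method=GET path=/kal-api/auth/users status=200
2025-01-15T10:03:41Z user=user456 method=GET path=/kal-api/auth/users?page=2 status=200
2025-01-15T10:05:02Z user=user456 method=GET path=/kal-api/docs/42 status=200
2025-01-15T10:06:15Z user=user789 method=GET path=/kal-api/auth/users status=401`

// admins is the set of principals entitled to the full listing (constructed).
var admins = map[string]bool{"user123": true}

// vulnerablePath is the endpoint named in the advisory.
const vulnerablePath = "/kal-api/auth/users"

// Event is one parsed log line.
type Event struct {
	Time, User, Method, Path, Status string
}

// parseLine splits "<timestamp> k=v k=v ..." into an Event; ok is false for
// lines that do not fit the format.
func parseLine(line string) (Event, bool) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return Event{}, false
	}
	ev := Event{Time: fields[0]}
	for _, f := range fields[1:] {
		k, v, found := strings.Cut(f, "=")
		if !found {
			continue
		}
		switch k {
		case "user":
			ev.User = v
		case "method":
			ev.Method = v
		case "path":
			// Drop any query string so /kal-api/auth/users?page=2 still matches.
			ev.Path, _, _ = strings.Cut(v, "?")
		case "status":
			ev.Status = v
		}
	}
	return ev, ev.User != "" && ev.Path != ""
}

// suspiciousAccess returns, per non-administrator principal, how many successful
// (2xx) reads of the vulnerable endpoint the log contains. Unauthenticated 401s
// are deliberately not counted: the authentication check is the one control that
// works on 0.2.0, and the signal is an authenticated non-admin getting data back.
func suspiciousAccess(log string) map[string]int {
	counts := map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		ev, ok := parseLine(line)
		if !ok || ev.Path != vulnerablePath {
			continue
		}
		if !strings.HasPrefix(ev.Status, "2") || admins[ev.User] {
			continue
		}
		counts[ev.User]++
	}
	return counts
}

func main() {
	counts := suspiciousAccess(sampleLog)
	var principals []string
	for p := range counts {
		principals = append(principals, p)
	}
	sort.Strings(principals)
	for _, p := range principals {
		fmt.Printf("ALERT: non-admin %s received the user listing %d time(s)\n", p, counts[p])
	}
}
```

Run against the constructed log the program reports a single alert for user456 with a count of 2; user123 is skipped as an administrator and user789's 401 is ignored because no data was returned. Once the upgrade is deployed the same query should go quiet, which makes it a useful check that the fix actually took effect.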
References
Kalmia CMS Repository (GitHub)
CVE-2025-65900 Exploit Details (GitHub)
