CVE-2025-28104

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-28104
Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gist.github.com/coleak2021/d5fea0f7d32a2de38130da089f4fb735
https://github.com/DogukanUrker/flaskBlog/issues/130
Configurations

No configuration.

History

12 May 2025, 16:15

Type Values Removed Values Added
CWE CWE-284
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1

23 Apr 2025, 14:08

Type Values Removed Values Added
Summary
  • (es) El control de acceso incorrecto en laskBlog v2.6.1 permite a los atacantes acceder a todos los nombres de usuario a travĂ©s de una entrada manipulada especĂ­ficamente para ello.

21 Apr 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-21 18:15

Updated : 2025-05-12 16:15

NVD link : CVE-2025-28104

Mitre link : CVE-2025-28104

CVE.ORG link : CVE-2025-28104

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control