Unrated severityNVD Advisory· Published Dec 3, 2025· Updated Dec 3, 2025
Masa CMS vulnerable to authentication bypass with /tag/
CVE-2024-32643
Description
Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/MasaCMS/MasaCMS/commit/d1a2e57ef8dbc50c87b178eacc85fcccb05f5b6cmitrex_refsource_MISC
- github.com/MasaCMS/MasaCMS/security/advisories/GHSA-f469-jh82-97fvmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.