Low severity3.7NVD Advisory· Published Dec 22, 2025· Updated Apr 29, 2026

CVE-2025-15005

Description

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded cryptographic key . It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks.

Affected products

Couchcms/Couchcms
cpe:2.3:a:couchcms:couchcms:*:*:*:*:*:*:*:*
Range: <=2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

note-hxlab.wetolink.com/share/jNNcrdrNyCvlnvdExploitThird Party Advisory
note-hxlab.wetolink.com/share/jNNcrdrNyCvlnvdExploitThird Party Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.240
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000