VYPR
Medium severityOSV Advisory· Published Jan 13, 2025· Updated Jun 17, 2026

CVE-2025-22138

CVE-2025-22138

Description

@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue. This issue has not yet been patched and no workarounds are available. Users are advised to follow the development repo for updates.

Patches

Not yet patched.

Workarounds

None available. Private or limited-visibility categories should not be considered ways to store sensitive information.

References

Internal: SUPPORT-114

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Codidact/QpixelOSV2 versions
    v0.3.0, v0.4.0, v0.5.0, …+ 1 more
    • (no CPE)range: v0.3.0, v0.4.0, v0.5.0, …
    • (no CPE)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.