Medium severityNVD Advisory· Published Jan 13, 2025· Updated Apr 15, 2026

CVE-2025-22138

Description

@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue. This issue has not yet been patched and no workarounds are available. Users are advised to follow the development repo for updates.

Patches

Not yet patched.

Workarounds

None available. Private or limited-visibility categories should not be considered ways to store sensitive information.

References

Internal: SUPPORT-114

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/codidact/qpixel/security/advisories/GHSA-pv74-hcg9-65r4nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000