Unrated severityOSV Advisory· Published Dec 4, 2025· Updated Dec 5, 2025

CVE-2025-65900

Description

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

Affected products

DifuseHQ/KalmiaOSV
Range: 0.0.1, 0.0.2, 0.1.0, …
Kalmia/CMSllm-create
Range: =0.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Noxurge/CVE-2025-65900/blob/main/README.mdmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000