Critical severityOSV Advisory· Published Dec 17, 2025· Updated Dec 17, 2025
CVE-2025-67165
CVE-2025-67165
Description
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pagekit/pagekitPackagist | <= 1.0.18 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-w3j8-9p3j-3wjxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-67165ghsaADVISORY
- github.com/mbiesiad/vulnerability-research/tree/main/CVE-2025-67165ghsaWEB
- github.com/pagekit/docs/blob/develop/user-interface/users.mdghsaWEB
- github.com/pagekit/docs/blob/develop/user-interface/users.mdghsaWEB
News mentions
0No linked articles in our index yet.