Security Advisory

CVE-2025-67874

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-16 00:44:43

Last updated 2025-12-16 20:06:29

Assigner GitHub_M

State PUBLISHED

Description

ChurchCRM is an open-source church management system. Prior to version 6.5.0, the application echoes back plaintext passwords submitted by users in subsequent HTTP responses. This information disclosure significantly increases the risk of credential compromise and may amplify the impact of other vulnerabilities (e.g., XSS, IDOR, session fixation), enabling attackers to harvest other users’ passwords. Version 6.5.0 fixes the issue.

← Browse all CVEs View on cve.org ↗