Description

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffer from broken access control, allowing any authenticated user to allow and accept kiosk registrations and to perform other Kiosk Manager actions such as reload and identify. Version 6.5.3 fixes the issue.

Status: PUBLISHED | Reserved 2025-11-28 | Published 2025-12-17 | Updated 2025-12-17 | Assigner GitHub_M

Severity: HIGH 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)

Problem types

CWE-284: Improper Access Control

Product status

< 6.5.3: affected

References

github.com/...RM/CRM/security/advisories/GHSA-32vr-ch3p-wmr5

cve.org (CVE-2025-66397)

nvd.nist.gov (CVE-2025-66397)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.