CVE-2025-67004 | THREATINT

Description

** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is not a CouchCMS vulnerability and that if /\<file> is accessible it is a web-server configuration issue.

PUBLISHED Reserved 2025-12-08 | Published 2026-01-09 | Updated 2026-01-23 | Assigner mitre

References

www.couchcms.com/

github.com/CouchCMS/CouchCMS

gist.github.com/...arshukla/d01f8004c43692f18c75548f4739955a

cve.org (CVE-2025-67004)

nvd.nist.gov (CVE-2025-67004)

Download JSON