Vulnerability Description
A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded cryptographic key . It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Couchcms | Couchcms | <= 2.4 |
Related Weaknesses (CWE)
References
- https://note-hxlab.wetolink.com/share/jNNcrdrNyCvlExploitThird Party Advisory
- https://note-hxlab.wetolink.com/share/jNNcrdrNyCvl#-span--strong-proof-of-concepExploitThird Party Advisory
- https://vuldb.com/?ctiid.337711Permissions RequiredVDB Entry
- https://vuldb.com/?id.337711Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.718998Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-15005?
CVE-2025-15005 is a vulnerability with a CVSS score of 3.7 (LOW). A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_R...
How severe is CVE-2025-15005?
CVE-2025-15005 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15005?
Check the references section above for vendor advisories and patch information. Affected products include: Couchcms Couchcms.