CVE-2025-57805

Vulnerability Description

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2.

Related Weaknesses (CWE)

CWE-20

References

https://github.com/The-Scratch-Channel/tsc-web-client/security/advisories/GHSA-h

FAQ

What is CVE-2025-57805?

CVE-2025-57805 is a documented vulnerability. The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's...

How severe is CVE-2025-57805?

CVSS scoring is not yet available for CVE-2025-57805. Check NVD for updates.

Is there a patch for CVE-2025-57805?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.