CVE-2025-62713

Vulnerability Description

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.

Related Weaknesses (CWE)

CWE-78 CWE-284

References

https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937e
https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p

FAQ

What is CVE-2025-62713?

CVE-2025-62713 is a documented vulnerability. Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. T...

How severe is CVE-2025-62713?

CVSS scoring is not yet available for CVE-2025-62713. Check NVD for updates.

Is there a patch for CVE-2025-62713?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.