Vulnerability Description
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wbce | Wbce Cms | < 1.6.4 |
Related Weaknesses (CWE)
References
- https://github.com/WBCE/WBCE_CMS/commit/96046178f4c80cf16f7c224054dec7fdadddda7ePatch
- https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-hmmw-4ccm-fx44ExploitPatchVendor Advisory
FAQ
What is CVE-2025-65094?
CVE-2025-65094 is a vulnerability with a CVSS score of 8.8 (HIGH). WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in t...
How severe is CVE-2025-65094?
CVE-2025-65094 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-65094?
Check the references section above for vendor advisories and patch information. Affected products include: Wbce Wbce Cms.