CVE-2025-66397 — HIGH (8.3)

Q: How severe is CVE-2025-66397?

CVE-2025-66397 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-66397?

Check the references section above for vendor advisories and patch information. Affected products include: Churchcrm Churchcrm.

Vulnerability Description

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to allow and accept kiosk registrations, and perform other Kiosk Manager actions such as reload and identify. Version 6.5.3 fixes the issue.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Churchcrm	Churchcrm	< 6.5.3

Related Weaknesses (CWE)

CWE-284

References

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-32vr-ch3p-wmr5ExploitVendor Advisory

FAQ

What is CVE-2025-66397?

CVE-2025-66397 is a vulnerability with a CVSS score of 8.3 (HIGH). ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from bro...

How severe is CVE-2025-66397?

CVE-2025-66397 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66397?

Check the references section above for vendor advisories and patch information. Affected products include: Churchcrm Churchcrm.