Vulnerability Description
Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. This has been fixed in 5.73.6 and 6.2.5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Statamic | Statamic | < 5.73.6 |
Related Weaknesses (CWE)
References
- https://github.com/statamic/cms/commit/5a6f47246edf3a0c453727ffecbfa14333a6bc8a (Patch, Product)
- https://github.com/statamic/cms/releases/tag/v5.73.6 (Release Notes)
- https://github.com/statamic/cms/releases/tag/v6.2.5 (Release Notes)
- https://github.com/statamic/cms/security/advisories/GHSA-gwmx-9gcj-332h (Vendor Advisory)
FAQ
What is CVE-2026-25633?
CVE-2026-25633 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. ...
How severe is CVE-2026-25633?
CVE-2026-25633 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-25633?
Check the references section above for vendor advisories and patch information. Affected products include: Statamic Statamic.