CVE-2025-15005

LOW

CouchCMS <2.4 - Info Disclosure

Title source: llm

Description

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded cryptographic key . It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks.

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.337711

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.337711

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.718998

[Exploit, Third Party Advisory] https://note-hxlab.wetolink.com/share/jNNcrdrNyCvl

[Exploit, Third Party Advisory] https://note-hxlab.wetolink.com/share/jNNcrdrNyCvl#-span--strong-proof-of-concept---strong---span-

Scores

CVSS v3 3.7

EPSS 0.0006

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-320 CWE-321

Status published

Products (1)

couchcms/couchcms < 2.4

Published Dec 22, 2025

Tracked Since Feb 18, 2026