CVE-2025-31122

CRITICAL

scratch-coding-hut.github.io <1.0-beta3 - Auth Bypass

Title source: llm

Description

scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to log in to any account by changing the username in the username field.

Scores

CVSS v4 9.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS 0.0024
EPSS Percentile 47.5%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-287, CWE-290
Status published
Products (1)
Scratch-Coding-Hut/Scratch-Coding-Hut <= 1.0-beta3
Published Mar 31, 2025
Tracked Since Feb 18, 2026