CVE-2025-50904
CRITICALWinterChenS my-site < 2025-06-11 - Unauthenticated Authentication Bypass via /admin/ API
Title source: llmDescription
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Vendor Advisory
https://github.com/WinterChenS/my-site/issues/95
Scores
CVSS v3
9.8
EPSS
0.0042
EPSS Percentile
32.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-288
Status
published
Products (1)
winterchens/my-site
< 2025-06-11
Published
Aug 20, 2025
Tracked Since
Feb 18, 2026