CVE-2025-67004
MEDIUM
CouchCMS 2.4 - Authenticated Path Traversal and Information Disclosure
Title source: llm
Description
** Disputed ** An information disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files by traversing back through parent directories. It can disclose source code or other confidential information if weaponized accordingly. NOTE: A community member states that this is not a CouchCMS vulnerability and that if /\<file> is accessible it is a web-server configuration issue.
References (3)
Core References
Exploit, Third Party Advisory
https://gist.github.com/thepiyushkumarshukla/d01f8004c43692f18c75548f4739955a
Product
https://www.couchcms.com/
Scores
CVSS v3
6.5
EPSS
0.0556
EPSS Percentile
91.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
couchcms/couchcms
2.4
Published
Jan 09, 2026
Tracked Since
Feb 18, 2026