Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Difuse |
|
| Kalmia |
|
No data.
References
History
Wed, 10 Dec 2025 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Difuse
Difuse kalmia |
|
| CPEs | cpe:2.3:a:difuse:kalmia:0.2.0:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Difuse
Difuse kalmia |
Mon, 08 Dec 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-204 | |
| Metrics |
cvssV3_1
|
Fri, 05 Dec 2025 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Kalmia
Kalmia kalmia Cms |
|
| Vendors & Products |
Kalmia
Kalmia kalmia Cms |
Thu, 04 Dec 2025 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-12-04T00:00:00.000Z
Updated: 2025-12-08T16:36:55.860Z
Reserved: 2025-11-18T00:00:00.000Z
Link: CVE-2025-65899
Vulnrichment
Updated: 2025-12-08T16:35:58.114Z
NVD
Status : Analyzed
Published: 2025-12-04T22:15:48.927
Modified: 2025-12-10T21:39:06.760
Link: CVE-2025-65899
Redhat
No data.