CVE-2025-57805
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-25

Last updated on: 2025-08-26

Assigner: GitHub, Inc.

Description
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-25
Last Modified
2025-08-26
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57805
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
the-scratch-channel tsc-web-client v1.2
the-scratch-channel tsc-web-client v1.1
the-scratch-channel tsc-web-client v1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects The Scratch Channel news website versions 1 and 1.1. It allows an attacker to send a POST request to the article publishing endpoint and post an article in any category with any date, without requiring any authentication or login. This means unauthorized users can publish articles arbitrarily. The issue was fixed in version 1.2.

Impact Analysis

The vulnerability can allow unauthorized users to publish articles on the website, potentially leading to misinformation, defacement, or manipulation of published content. This can damage the website's credibility, mislead readers, and disrupt normal operations.

Mitigation Strategies

Upgrade the Scratch Channel software to version 1.2 or later, as this version contains the patch that fixes the vulnerability allowing unauthorized article posting.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57805. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart