CVE-2025-57805
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-08-26
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| the-scratch-channel | tsc-web-client | v1.2 |
| the-scratch-channel | tsc-web-client | v1.1 |
| the-scratch-channel | tsc-web-client | v1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects The Scratch Channel news website versions 1 and 1.1. It allows an attacker to send a POST request to the article publishing endpoint and post an article in any category with any date, without requiring any authentication or login. This means unauthorized users can publish articles arbitrarily. The issue was fixed in version 1.2.
How can this vulnerability impact me?
The vulnerability can allow unauthorized users to publish articles on the website, potentially leading to misinformation, defacement, or manipulation of published content. This can damage the website's credibility, mislead readers, and disrupt normal operations.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Scratch Channel software to version 1.2 or later, as this version contains the patch that fixes the vulnerability allowing unauthorized article posting.