CVE-2025-11529
BaseFortify

Publication date: 2025-10-09

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in ChurchCRM up to 5.18.0. It affects the function AuthMiddleware in the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the API Endpoint component. The manipulation results in missing authentication (CWE-306). The attack can be carried out remotely. An exploit has been released to the public and may be used in attacks. The patch is identified as commit 3a1cffd2aea63d884025949cfbcfd274d06216a4; applying it remediates the issue.
Meta Information
Generated: 2026-06-16
AI Q&A: 2025-10-09
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (1 associated CPE)

Vendor       Product      Version / Range
churchcrm    churchcrm    up to 5.19.0 (5.19.0 excluded)
CWE

CWE ID    Description
CWE-287   When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306   The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

This vulnerability is a security flaw in ChurchCRM versions up to 5.18.0, specifically in the AuthMiddleware function that guards the API endpoints. It allows an attacker to bypass authentication remotely, meaning unauthorized users can reach API functionality without presenting valid credentials. The root cause is a missing authentication check (CWE-306): the middleware does not adequately prove the caller's claimed identity before granting access.

Impact Analysis

The vulnerability can allow attackers to gain unauthorized access to the ChurchCRM system remotely. This can lead to exposure or modification of sensitive data, unauthorized actions within the system, and potential compromise of the integrity and availability of the application.

Mitigation Strategies

Apply the patch identified as commit 3a1cffd2aea63d884025949cfbcfd274d06216a4 to the ChurchCRM installation to remediate the missing authentication check in the AuthMiddleware component. The affected CPE range ends before 5.19.0, so deploying a release that contains this commit removes the issue; until then, restricting network access to the API endpoint limits exposure.
