CVE-2025-67875
BaseFortify
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| churchcrm | churchcrm | to 6.5.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in ChurchCRM prior to version 6.5.3 allows an authenticated user with specific mid-level permissions to inject a persistent Cross-Site Scripting (XSS) payload into an administrator's profile. The payload executes when the administrator views their profile, enabling the attacker to hijack the administrator's session, perform administrative actions, and take over the account. It results from a combination of an Insecure Direct Object Reference (IDOR) that lets any user view any other user's profile and a Broken Access Control vulnerability that allows users with edit permissions to modify other users' record properties.
How can this vulnerability impact me?
This vulnerability can lead to a full account takeover of administrator accounts by attackers with mid-level permissions. The attacker can hijack administrator sessions and perform unauthorized administrative actions, potentially compromising the entire system's security and integrity.
What immediate steps should I take to mitigate this vulnerability?
Upgrade ChurchCRM to version 6.5.3 or later, as this version fixes the privilege escalation vulnerability. Additionally, review user permissions to ensure that only trusted users have the 'Edit Records' and 'Manage Properties and Classifications' permissions to reduce risk until the upgrade is applied.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying whether your ChurchCRM installation is running a vulnerable version prior to 6.5.3. Additionally, you can check for unauthorized property assignments or suspicious XSS payloads injected into user profiles, especially administrator profiles. Since the vulnerability involves accessing URLs like PersonView.php?PersonID=1 and modifying properties via PropertyAssign.php, you can monitor web server logs for unusual access patterns to these endpoints by users with mid-level permissions. For detection, you might use commands to search logs for such accesses, for example:
1) To find access to admin profile pages: `grep 'PersonView.php?PersonID=1' /path/to/access.log`
2) To find POST requests to PropertyAssign.php: `grep 'POST /PropertyAssign.php' /path/to/access.log`
3) To detect suspicious payloads, search for common XSS patterns in stored properties or logs, e.g., `grep -iE '<img|onerror|alert' /path/to/database_or_logs`
Ultimately, upgrading to version 6.5.3 or later is the recommended mitigation. [1]
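The single-pattern greps above each answer one question; the access pattern the advisory actually describes is one account that both views the PersonID=1 profile and writes to PropertyAssign.php. The script below, an added example that is not part of the BaseFortify page or the ChurchCRM project, correlates those two events per authenticated user and also scans a dump of property values for the XSS markers listed above. The log lines and property records are constructed samples in Apache combined-log format (the usernames, IPs and values are illustrative); the field positions (`$3` for the user, `$6` for the method, `$7` for the path) assume that format.

```shell
#!/bin/sh
# Added example (not from BaseFortify or ChurchCRM): correlate access-log
# events that match the CVE-2025-67875 pattern and scan stored property
# values for XSS markers. All input below is CONSTRUCTED sample data.

# Constructed Apache combined-log lines: alice views the PersonID=1 profile
# and then POSTs to PropertyAssign.php; bob only views his own record.
SAMPLE_LOG='10.0.0.5 - alice [17/Dec/2025:10:01:02 +0000] "GET /PersonView.php?PersonID=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - alice [17/Dec/2025:10:01:40 +0000] "POST /PropertyAssign.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - bob [17/Dec/2025:10:05:11 +0000] "GET /PersonView.php?PersonID=42 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
10.0.0.9 - bob [17/Dec/2025:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
10.0.0.5 - alice [17/Dec/2025:10:07:30 +0000] "GET /PropertyAssign.php?PersonID=1 HTTP/1.1" 200 3300 "-" "Mozilla/5.0"'

# Constructed dump of person-property values (format is hypothetical; a real
# export from the ChurchCRM database would need its own column layout).
SAMPLE_PROPERTIES='r_Property_ID=7 per_ID=1 value=Volunteer coordinator
r_Property_ID=8 per_ID=1 value=<img src=x onerror=alert(1)>
r_Property_ID=9 per_ID=3 value=Choir member'

# count_profile_views ID LOG: number of requests for exactly
# /PersonView.php?PersonID=ID. Exact field comparison avoids the
# prefix problem of grep (PersonID=1 would also match PersonID=12).
count_profile_views() {
    printf '%s\n' "$2" | awk -v id="$1" '
        $7 == ("/PersonView.php?PersonID=" id) { n++ }
        END { print n + 0 }'
}

# flag_correlated_users ID LOG: authenticated users who both viewed the
# PersonID=ID profile and sent a POST to PropertyAssign.php. This is the
# combination the advisory describes, so it is a much stronger signal
# than either endpoint hit on its own.
flag_correlated_users() {
    printf '%s\n' "$2" | awk -v id="$1" '
        $3 == "-" { next }                      # skip unauthenticated hits
        $7 == ("/PersonView.php?PersonID=" id) { viewed[$3] = 1 }
        $6 == "\"POST" && $7 == "/PropertyAssign.php" { assigned[$3] = 1 }
        END { for (u in viewed) if (u in assigned) print u }' | sort
}

# count_xss_markers TEXT: number of records containing common stored-XSS
# markers (the same idea as the grep -iE command above, slightly extended).
count_xss_markers() {
    printf '%s\n' "$1" | grep -c -iE '<script|<img|onerror|onload|javascript:' || true
}

# Stand-alone usage on the constructed samples.
echo "views of PersonID=1: $(count_profile_views 1 "$SAMPLE_LOG")"
echo "users viewing PersonID=1 and writing properties: $(flag_correlated_users 1 "$SAMPLE_LOG")"
echo "property records with XSS markers: $(count_xss_markers "$SAMPLE_PROPERTIES")"
```

To run this against a real server, replace `SAMPLE_LOG` with the contents of the access log (for example `SAMPLE_LOG=$(cat /path/to/access.log)`) and keep in mind that the correlation only works when the log records the authenticated user in the third field; if your deployment logs `-` there, correlate on client IP plus session instead. A user flagged by `flag_correlated_users` who does not administer other people's records is worth a look at their permission set, as the mitigation answer above suggests.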