CVE-2025-70866
Incorrect Access Control in LavaLite CMS Allows Admin Access

Publication date: 2026-02-13

Last updated on: 2026-02-19

Assigner: MITRE

Description
LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification.
Meta Information
Published: 2026-02-13
Last Modified: 2026-02-19
Generated: 2026-06-16
AI Q&A: 2026-02-14
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: lavalite
Product: lavalite
Version / Range: 10.1.0
CWE
CWE ID: CWE-284
Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Executive Summary

LavaLite CMS version 10.1.0 has an Incorrect Access Control vulnerability: an authenticated user with low-level privileges, such as a regular User role, can bypass restrictions and directly access the admin backend by logging in through the /admin/login page.

The root cause is that the admin and user authentication guards share the same user provider, and no role-based access control verification is performed.
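
A minimal Python model of the root cause described above, added here as an illustration. It is not LavaLite or Laravel code; the class names, role names and accounts are assumptions constructed for the example. It compares an admin guard that only validates credentials against the shared provider with one that also checks the role, and includes an audit helper that lists accounts a guard admits without the required role.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass(frozen=True)
class User:
    email: str
    salt: bytes
    pw_hash: bytes
    roles: frozenset

class UserProvider:
    """One user store; both guards read from it, as the advisory describes."""
    def __init__(self):
        self.users = {}
    def add(self, email, password, roles):
        salt = os.urandom(16)
        self.users[email] = User(email, salt, _kdf(password, salt), frozenset(roles))
    def by_credentials(self, email, password):
        u = self.users.get(email)
        ok = u is not None and hmac.compare_digest(u.pw_hash, _kdf(password, u.salt))
        return u if ok else None

class Guard:
    """required_role=None models the flaw: valid credentials are enough."""
    def __init__(self, provider, required_role=None):
        self.provider, self.required_role = provider, required_role
    def admits(self, user):
        return self.required_role is None or self.required_role in user.roles
    def attempt(self, email, password):
        user = self.provider.by_credentials(email, password)
        return user if user is not None and self.admits(user) else None

def over_admitted(guard, role):
    """Audit helper: accounts the guard would admit that do not hold `role`."""
    return sorted(u.email for u in guard.provider.users.values()
                  if guard.admits(u) and role not in u.roles)

# Constructed sample accounts (hypothetical, not from the advisory).
provider = UserProvider()
provider.add("admin@example.test", "constructed-admin-pw", {"admin"})
provider.add("user@example.test", "constructed-user-pw", {"user"})

admin_guard_flawed = Guard(provider)                        # shared provider, no role check
admin_guard_fixed = Guard(provider, required_role="admin")  # same provider plus role check

if __name__ == "__main__":
    print("flawed:", over_admitted(admin_guard_flawed, "admin"))
    print("fixed: ", over_admitted(admin_guard_fixed, "admin"))
```

Sharing one provider between guards is not the defect by itself; the model shows that the missing role check on the admin guard is what admits the User-role account.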

Impact Analysis

This vulnerability allows low-privileged users to gain unauthorized access to the administrative backend of the LavaLite CMS. As a result, such users could potentially perform administrative actions, modify content, change configurations, or access sensitive information that should be restricted to administrators.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know
