CVE-2025-70866
Unknown Unknown - Not Provided

Incorrect Access Control in LavaLite CMS Allows Admin Access

Vulnerability report for CVE-2025-70866, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-13

Last updated on: 2026-02-19

Assigner: MITRE

Description

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider without role-based access control verification.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-13
Last Modified
2026-02-19
Generated
2026-07-06
AI Q&A
2026-02-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
lavalite lavalite 10.1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

LavaLite CMS version 10.1.0 has an Incorrect Access Control vulnerability. This means that an authenticated user with low-level privileges, such as a regular User role, can bypass restrictions and directly access the admin backend by logging in through the /admin/login page.

The root cause of this vulnerability is that the admin and user authentication guards use the same user provider but do not verify role-based access control properly.

Impact Analysis

This vulnerability allows low-privileged users to gain unauthorized access to the administrative backend of the LavaLite CMS. As a result, such users could potentially perform administrative actions, modify content, change configurations, or access sensitive information that should be restricted to administrators.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70866. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart