CVE-2025-54134
Last modified
CVE-2025-54134 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Psu | Haxcms-Nodejs | < 11.0.9 |
References
- https://github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-54134?
How severe is CVE-2025-54134?
How do I fix CVE-2025-54134?
Are you affected by CVE-2025-54134?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST