CVE-2026-25633
Last modified
CVE-2026-25633 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. This has been fixed in 5.73.6 and 6.2.5.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Statamic | Statamic | < 5.73.6 |
| Statamic | Statamic | >= 6.0.0, < 6.2.5 |
References
- https://github.com/statamic/cms/releases/tag/v5.73.6Release Notes
- https://github.com/statamic/cms/releases/tag/v6.2.5Release Notes
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-25633?
How severe is CVE-2026-25633?
How do I fix CVE-2026-25633?
Are you affected by CVE-2026-25633?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST