CVE-2025-66911 | Turms IM Server up to 0.10.0-SNAPSHOT UserServiceController.java handleQueryUserOnlineStatusesRequest access control

Inserito da Angelo Barbosa | Dic 19, 2025 | CVE

A vulnerability classified as critical has been found in Turms IM Server up to 0.10.0-SNAPSHOT. This affects the function handleQueryUserOnlineStatusesRequest of the file UserServiceController.java. This manipulation causes improper access controls.

The identification of this vulnerability is CVE-2025-66911. The attack needs to be done within the local network. There is no exploit available.

CVE-2025-66911 | Turms IM Server up to 0.10.0-SNAPSHOT UserServiceController.java handleQueryUserOnlineStatusesRequest access control

Post correlati

CVE-2025-53112 | glpi up to 10.0.18 access control

CVE-2024-10446 | Project Worlds Online Time Table Generator 1.0 admindashboard.php?info=add_course c sql injection

CVE-2024-35183 | wolfi-dev wolfictl up to 0.16.9 file access (GHSA-8fg7-hp93-qhvr)

CVE-2025-27275 | andrew_fisher WOO Codice Fiscale Plugin up to 1.6.3 on WordPress cross site scripting