Key Vulnerability Information

CVE ID: CVE-2025-65900
Product: DifuseHQ Kalmia CMS
Affected Version: 0.2.0
Vulnerability Type: Incorrect Access Control
Privileges Required: Low (Read-only user account)

Impact:
- Allows a low-privileged user to retrieve sensitive information for all platform accounts, including Blowfish password hashes.
- Enables offline cracking, privilege escalation, and potential administrative account compromise leading to full system takeover.

Technical Details

Affected Components:
- Authentication System:
- User Management API:

Exploitation Process

1. Initial Access: Obtain a legitimate read-only user account.
2. Authentication: Log in to the system using read-only credentials.
3. Access Sensitive Data: Use tools like Burp Suite to access and view sensitive user information and password hashes via API endpoint .
4. Password Hash Cracking: Use password cracking tools like to recover plaintext passwords.
5. Full Compromise: Exploit retrieved passwords for full access.

Proof of Concept (PoC)

Script:
Usage: Automates the exploitation process with provided options for URL, user, password, and endpoints.

References

CVE-2025-65900
CWE-863: Incorrect Authorization

Disclaimer

For educational and defensive purposes. Users must have authorization before testing systems.
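
The missing authorization check described under Impact comes down to two server-side controls: decide by role which records a requester may see, and serialize only allow-listed fields so a password hash can never reach a response. The sketch below is an added example, not code from Kalmia or from the PoC; the role names, field names, and sample records are assumptions constructed for illustration. It also includes a checker that flags bcrypt-format values in a decoded JSON response, usable as a regression test.

```python
import re

# bcrypt ("Blowfish") hash: $2a$/$2b$/$2y$ prefix, 2-digit cost, 53 chars salt+digest
BCRYPT_RE = re.compile(r"\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}")

# Hypothetical allow-list: only these fields may ever leave the server.
SAFE_FIELDS = ("id", "username", "email", "role")

# Constructed sample records; the hash strings are placeholders, not real hashes.
USERS = [
    {"id": 1, "username": "admin", "email": "admin@example.test",
     "role": "admin", "password": "$2a$10$" + "A" * 53},
    {"id": 2, "username": "viewer", "email": "viewer@example.test",
     "role": "read", "password": "$2a$10$" + "B" * 53},
]


def serialize_users(requester, users):
    """Apply the role check server-side, then copy allow-listed fields only."""
    if requester["role"] == "admin":
        visible = users
    else:
        # Non-admin accounts see their own record and nothing else.
        visible = [u for u in users if u["id"] == requester["id"]]
    return [{k: u[k] for k in SAFE_FIELDS if k in u} for u in visible]


def find_hash_leaks(payload, path="$"):
    """Walk decoded JSON and return the paths of bcrypt-looking values."""
    leaks = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            leaks += find_hash_leaks(value, f"{path}.{key}")
    elif isinstance(payload, list):
        for i, value in enumerate(payload):
            leaks += find_hash_leaks(value, f"{path}[{i}]")
    elif isinstance(payload, str) and BCRYPT_RE.search(payload):
        leaks.append(path)
    return leaks


if __name__ == "__main__":
    print("raw records leak at:", find_hash_leaks(USERS))
    print("viewer response:", serialize_users(USERS[1], USERS))
    print("admin response leaks:", find_hash_leaks(serialize_users(USERS[0], USERS)))
```

Running `find_hash_leaks` over the user-listing response for every role in an integration test catches a regression of this class even when the hash sits under an unexpected key name.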