CVE-2025-11529

🗓️ 09 Oct 2025 03:02:11Reported by VulDBType

CVE-2025-11529: ChurchCRM up to 5.18.0 has missing auth in AuthMiddleware; patch released.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2025-11529	9 Oct 202503:02	–	attackerkb
CNNVD	ChurchCRM 安全漏洞	9 Oct 202500:00	–	cnnvd
CNVD	ChurchCRM Authentication Error Vulnerability	21 Oct 202500:00	–	cnvd
Cvelist	CVE-2025-11529 ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication	9 Oct 202503:02	–	cvelist
EUVD	EUVD-2025-33260	9 Oct 202503:02	–	euvd
NVD	CVE-2025-11529	9 Oct 202503:15	–	nvd
Positive Technologies	PT-2025-41335	9 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-11529	10 Oct 202503:23	–	redhatcve
Vulnrichment	CVE-2025-11529 ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication	9 Oct 202503:02	–	vulnrichment

NVD

Vulners

Node

churchcrm churchcrmRange<5.19.0

[
  {
    "vendor": "n/a",
    "product": "ChurchCRM",
    "versions": [
      {
        "version": "5.0",
        "status": "affected"
      },
      {
        "version": "5.1",
        "status": "affected"
      },
      {
        "version": "5.2",
        "status": "affected"
      },
      {
        "version": "5.3",
        "status": "affected"
      },
      {
        "version": "5.4",
        "status": "affected"
      },
      {
        "version": "5.5",
        "status": "affected"
      },
      {
        "version": "5.6",
        "status": "affected"
      },
      {
        "version": "5.7",
        "status": "affected"
      },
      {
        "version": "5.8",
        "status": "affected"
      },
      {
        "version": "5.9",
        "status": "affected"
      },
      {
        "version": "5.10",
        "status": "affected"
      },
      {
        "version": "5.11",
        "status": "affected"
      },
      {
        "version": "5.12",
        "status": "affected"
      },
      {
        "version": "5.13",
        "status": "affected"
      },
      {
        "version": "5.14",
        "status": "affected"
      },
      {
        "version": "5.15",
        "status": "affected"
      },
      {
        "version": "5.16",
        "status": "affected"
      },
      {
        "version": "5.17",
        "status": "affected"
      },
      {
        "version": "5.18.0",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "API Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/uartu0/advisories/blob/main/churchcrm-api-auth-bypass-2025.md
vuldb	www.vuldb.com/
github	www.github.com/ChurchCRM/CRM/commit/3a1cffd2aea63d884025949cfbcfd274d06216a4
vuldb	www.vuldb.com/
github	www.github.com/ChurchCRM/CRM/pull/7376

29 Apr 2026 01:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17.3 - 9.8

CVSS 46.9

CVSS 27.5

CVSS 37.3

EPSS0.00162

SSVC