Vulners
Lucene search
CVE-2025-62521
🗓️ 17 Dec 2025 19:03:20Reported by GitHub_MType 
cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 8 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | CVE-2026-39337 | 7 Apr 202618:08 | – | attackerkb |
 | CVE-2025-62521 | 17 Dec 202522:56 | – | circl |
 | ChurchCRM 代码注入漏洞 | 17 Dec 202500:00 | – | cnnvd |
 | ChurchCRM Code Execution Vulnerability | 25 Dec 202500:00 | – | cnvd |
 | CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard | 17 Dec 202519:03 | – | cvelist |
 | EUVD-2025-203917 | 17 Dec 202519:03 | – | euvd |
| EUVD-2026-19835 | 7 Apr 202618:08 | – | euvd |
 | ChurchCRM Unauthenticated RCE via Setup Page | 16 Feb 202618:59 | – | metasploit |
 | CVE-2025-62521 | 17 Dec 202519:16 | – | nvd |
 | CVE-2025-62521 ChurchCRM has unauthenticated RCE in its Install Wizard | 17 Dec 202519:03 | – | osv |
10
[
{
"vendor": "ChurchCRM",
"product": "CRM",
"versions": [
{
"version": "< 5.21.0",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| DB_PASSWORD | request body | setup/routes/setup.php | Pre-auth RCE via setup form: input is written into a PHP config template and executed on every request (Include/Config.php). | CWE-94 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Dec 2025 19:10Current
7.9High risk
Vulners AI Score7.9
CVSS 3.19.8 - 10
EPSS0.53905
SSVC