CVE-2025-11529 | ChurchCRM up to 5.18.0 API Endpoint AuthMiddleware.php AuthMiddleware missing authentication

A vulnerability labeled as critical has been found in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication.

This vulnerability is identified as CVE-2025-11529. The attack can be executed remotely. Additionally, an exploit exists.

A patch should be applied to remediate this issue.VulDB Recent EntriesRead More