CVE-2025-66397 | ChurchCRM up to 6.5.2 Kiosk Manager Feature acceptKiosk/reloadKiosk/identifyKiosk access control (GHSA-32vr-ch3p-wmr5)
A vulnerability categorized as critical has been discovered in ChurchCRM up to 6.5.2. It affects the functions acceptKiosk, reloadKiosk and identifyKiosk of the Kiosk Manager Feature component. Manipulation of these functions leads to improper access controls.
This vulnerability is documented as CVE-2025-66397. The attack can be executed remotely. No exploit is available.
It is advisable to upgrade the affected component.