CVE-2025-68109 | ChurchCRM up to 6.5.2 Database Restore os command injection

December 17, 2025 Yanac

A vulnerability, which was classified as critical, was found in ChurchCRM up to 6.5.2. The impacted element is an unknown function of the component Database Restore. The manipulation results in os command injection.

This vulnerability is known as CVE-2025-68109. It is possible to launch the attack remotely. No exploit is available.

You should upgrade the affected component.VulDB Recent EntriesRead More