CVE-2025-66911 | Turms IM Server up to 0.10.0-SNAPSHOT UserServiceController.java handleQueryUserOnlineStatusesRequest access control

December 19, 2025 Yanac

A vulnerability classified as critical has been found in Turms IM Server up to 0.10.0-SNAPSHOT. This affects the function handleQueryUserOnlineStatusesRequest of the file UserServiceController.java. This manipulation causes improper access controls.

The identification of this vulnerability is CVE-2025-66911. The attack needs to be done within the local network. There is no exploit available.VulDB Recent EntriesRead More