CVE-2026-25125 | October CMS up to 3.7.13/4.1.9 Environment Variable parse_ini_string information disclosure (GHSA-g6v3-wv4j-x9hg)

A vulnerability classified as problematic has been found in October CMS up to 3.7.13/4.1.9. Affected is the function parse_ini_string of the component Environment Variable Handler. The manipulation leads to information disclosure.

This vulnerability is uniquely identified as CVE-2026-25125. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More