CVE-2025-62521 | ChurchCRM up to 5.20.x setup/routes/setup.php code injection (GHSA-m8jq-j3p9-2xf3)

A vulnerability classified as critical was found in ChurchCRM up to 5.20.x. Affected by this issue is some unknown functionality of the file setup/routes/setup.php. The manipulation results in code injection.

This vulnerability was named CVE-2025-62521. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.VulDB Recent EntriesRead More