Sensitive Information Exposure in Personal Management System by Morysummer
CVE-2025-29453

6.5MEDIUM

Key Information:

Vendor: Morysummer
Status: Personal Management System
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-29453?

A vulnerability exists in the Personal Management System version 1.4.65, which permits remote attackers to access sensitive user information through the my-contacts-settings component. This flaw could lead to unauthorized access to personal data, posing significant risks to user privacy and security.

References

https://www.yuque.com/morysummer/vx41bz/pgg9q7kdbkggtq08

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Mar 11, 2025