User Account Manipulation Vulnerability in Scratch Channel News Website
CVE-2025-55301

6.7MEDIUM

Key Information:

Vendor

The-scratch-channel

Status
The-scratch-channel.github.io
Vendor
CVE Published:
25 August 2025

What is CVE-2025-55301?

The Scratch Channel news website has a vulnerability in its web application that allows unauthorized access to user accounts. In version 1.0, users can manipulate their account's username through the developer tools by editing local storage. This security flaw potentially exposes user information and undermines account integrity. Fortunately, the issue has been addressed in version 1.1, where necessary patches were implemented to enhance security and protect user accounts.

Affected Version(s)

the-scratch-channel.github.io = 1

References

https://github.com/The-Scratch-Channel/tsc-web-client/sec...
x_refsource_CONFIRM
https://github.com/The-Scratch-Channel/tsc-web-client/dis...
x_refsource_MISC
https://github.com/The-Scratch-Channel/tsc-web-client/rel...
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-55301 : User Account Manipulation Vulnerability in Scratch Channel News Website