Missing Authorization Vulnerability in HaruTheme Frames
CVE-2025-60165
4.3MEDIUM
What is CVE-2025-60165?
A missing authorization vulnerability in HaruTheme Frames may allow unauthorized users to access restricted resources due to incorrectly configured access control security levels. This issue affects all versions up to and including 1.5.7, posing risks for websites using the Frames theme. It is crucial for users to review their access control settings and update to the latest version to mitigate potential exploitation.
Affected Version(s)
Frames <= 1.5.7
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)