{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T00:21:12.635","vulnerabilities":[{"cve":{"id":"CVE-2025-54134","sourceIdentifier":"security-advisories@github.com","published":"2025-07-21T21:15:26.863","lastModified":"2025-07-30T17:07:18.563","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9."},{"lang":"es","value":"HAX CMS NodeJS permite a los usuarios gestionar su universo de micrositios con un backend NodeJS. En las versiones 11.0.8 y anteriores, la aplicación HAX CMS NodeJS se bloquea cuando un atacante autenticado proporciona una solicitud de API sin los parámetros de URL requeridos. Esta vulnerabilidad afecta a los endpoints listFiles y saveFiles. Esta vulnerabilidad existe porque la aplicación no gestiona correctamente las excepciones que se producen como resultado de cambios en los parámetros de URL modificables por el usuario. Esto se ha corregido en la versión 11.0.9."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-248"},{"lang":"en","value":"CWE-703"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:psu:haxcms-nodejs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"11.0.9","matchCriteriaId":"C5288B68-8903-4D41-ACA8-C1C5315599E0"}]}]}],"references":[{"url":"https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js#L22","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js#L52","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}