{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T16:24:45.912","vulnerabilities":[{"cve":{"id":"CVE-2026-25509","sourceIdentifier":"security-advisories@github.com","published":"2026-02-03T22:16:31.433","lastModified":"2026-06-17T10:24:45.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether an email address is registered in the system by analyzing the application's response during the password reset process. This issue has been patched in version 0.28.5.0."},{"lang":"es","value":"CI4MS es un esqueleto de CMS basado en CodeIgniter 4 que ofrece una arquitectura modular, lista para producción, con autorización RBAC y soporte de temas. Antes de la versión 0.28.5.0, la implementación de autenticación en CI4MS es vulnerable a la enumeración de correos electrónicos. Un atacante no autenticado puede determinar si una dirección de correo electrónico está registrada en el sistema analizando la respuesta de la aplicación durante el proceso de restablecimiento de contraseña. Este problema ha sido parcheado en la versión 0.28.5.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ci4-cms-erp","product":"ci4ms","versions":[{"version":"< 0.28.5.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-04T16:30:42.876898Z","id":"CVE-2026-25509","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-204"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ci4-cms-erp:ci4ms:*:*:*:*:*:*:*:*","versionEndExcluding":"0.28.5.0","matchCriteriaId":"AF5BFA71-5A9A-4ADF-ACD4-5E3B6FAB1DBE"}]}]}],"references":[{"url":"https://github.com/ci4-cms-erp/ci4ms/commit/86be2930d1c54eb7575102563302b2f3bafcb653","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-654x-9q7r-g966","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}