
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2025-68436

Medium
Reference: CVE-2025-68436
Title: Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets through their user profile photo by sending maliciously crafted requests. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.
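
To check an installation against the ranges above, the following added example (not code from Craft CMS or from this database) reads the installed version from `composer.lock` and compares it with the listed ranges. It assumes a Composer-managed site where Craft appears as the `craftcms/cms` package; the version parser is simplified and the sample lock content is constructed.

```python
import json
import re

# Inclusive affected ranges and fixed releases, as listed in the advisory text.
AFFECTED = [
    ("4.0.0-RC1", "4.16.16", "4.16.17"),
    ("5.0.0-RC1", "5.8.20", "5.8.21"),
]

_VERSION = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-?(alpha|beta|rc)\.?(\d*))?$", re.I)
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # final release sorts after its RCs


def version_key(text):
    """Turn '5.8.20' or '5.0.0-RC1' into a sortable tuple; None if unparseable."""
    m = _VERSION.match((text or "").strip())
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    stage = stage.lower() if stage else None
    return (int(major), int(minor), int(patch), _STAGE[stage], int(num or 0))


def check_version(version):
    """Return (status, fixed_in) for one version string."""
    key = version_key(version)
    if key is None:
        return ("unknown", None)  # e.g. 'dev-main': needs manual review
    for low, high, fixed in AFFECTED:
        if version_key(low) <= key <= version_key(high):
            return ("in affected range", fixed)
    return ("outside listed ranges", None)


def check_composer_lock(lock_text):
    """Find craftcms/cms in composer.lock content and classify its version."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name") == "craftcms/cms":
            version = pkg.get("version", "")
            return (version,) + check_version(version)
    return (None, "unknown", None)


# Constructed sample lock content, not taken from a real project.
SAMPLE_LOCK = '{"packages": [{"name": "craftcms/cms", "version": "5.8.20"}]}'

if __name__ == "__main__":
    print(check_composer_lock(SAMPLE_LOCK))
```

A result of `unknown` (a branch alias such as `dev-main`, or no `craftcms/cms` entry) means the version has to be confirmed by hand.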