CVE-2025-13576 · HIGH 8.8 · EPSS p15.4%

Description

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints are affected.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.24% probability of exploitation · percentile 15.4% · 2026-06-18T12:00:27Z
Published: 2025-11-24
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-266, CWE-285

References

  1. https://code-projects.org/
  2. https://github.com/Yohane-Mashiro/cve/blob/main/Unauthorized.md
  3. https://vuldb.com/?ctiid.333340
  4. https://vuldb.com/?id.333340
  5. https://vuldb.com/?submit.698772

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Incorrect Privilege Assignment (cwe-266) | 0% | live |
| Weakness | Improper Authorization (cwe-285) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-13575
  2. CVE-2026-0566
  3. CVE-2025-13578
  4. CVE-2026-0567
  5. CVE-2025-12283
  6. CVE-2025-13561

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.