Home > Vulnerability Database > CVE-2025-54134

Mend.io Vulnerability Database

CVE-2025-54134

Good to know:

Date: July 21, 2025

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9.

Severity Score

6.5

Related Resources (7)

Url: https://github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27

Url: https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js#L22

Url: https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js#L52

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54134

Url: https://github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34

Url: https://github.com/haxtheweb/haxcms-nodejs

Url: https://www.mend.io/vulnerability-database/CVE-2025-54134

Severity Score

6.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Uncaught Exception

CWE-248

Improper Check or Handling of Exceptional Conditions

CWE-703

Top Fix

Upgrade Version

Upgrade to version @haxtheweb/haxcms-nodejs - 11.0.9;https://github.com/haxtheweb/haxcms-nodejs.git - v11.0.9

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54134

Good to know:

Date: July 21, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?