CVE-2025-15456

7.3 HIGH

📋 TL;DR

This vulnerability in MiniCMS allows attackers to bypass authentication mechanisms and potentially publish unauthorized pages. It affects MiniCMS versions up to 1.8. The vulnerability is remotely exploitable and public exploit details exist, though the vendor disputes its validity.

💻 Affected Systems

Products:
  • bg5sbk MiniCMS
Versions: up to 1.8
Operating Systems: All platforms running MiniCMS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Publish Page Handler component via /mc-admin/page-edit.php

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could publish malicious content, deface websites, inject malware, or gain administrative access to the CMS.

🟠 Likely Case

Unauthorized page publication leading to content manipulation or defacement.

🟢 If Mitigated

No impact if proper authentication controls and input validation are implemented.

🌐 Internet-Facing: HIGH - Remote exploitation possible with public exploit details available.
🏢 Internal Only: MEDIUM - Could still be exploited by internal threats or compromised accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details were disclosed on GitHub, though the vendor disputes that the vulnerability exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict access to admin interface

all

Implement IP whitelisting or VPN access to /mc-admin/ directory

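# Example Apache .htaccess in /mc-admin/ (Apache 2.4+):
Require ip 192.168.1.0/24

# Apache 2.2 equivalent (needs mod_access_compat on 2.4):
# Order deny,allow
# Deny from all
# Allow from 192.168.1.0/24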

Implement Web Application Firewall

all

Deploy WAF rules to detect and block authentication bypass attempts

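# ModSecurity rule example:
# Note: as written, this rule denies every request to page-edit.php,
# including requests from logged-in administrators.
SecRule REQUEST_URI "@contains /mc-admin/page-edit.php" \
"id:1001,phase:2,deny,status:403,msg:'Potential auth bypass attempt'"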

🧯 If You Can't Patch

  • Monitor /mc-admin/page-edit.php access logs for suspicious activity
  • Implement strong authentication with multi-factor authentication if possible

🔍 How to Verify

Check if Vulnerable:

Check MiniCMS version in admin panel or by examining source files. Versions ≤1.8 are vulnerable.

Check Version:

# Check MiniCMS version:
grep -r "MiniCMS version" /path/to/minicms/ || find /path/to/minicms/ -name "*.php" -exec grep -l "version.*1\.8" {} \;

Verify Fix Applied:

Test authentication bypass attempts against /mc-admin/page-edit.php endpoint

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized POST requests to /mc-admin/page-edit.php
  • Multiple failed authentication attempts followed by successful page edits

Network Indicators:

  • Unusual traffic patterns to admin interface from unexpected IPs
  • POST requests to page-edit.php without proper authentication headers

SIEM Query:

source="web_logs" AND uri="/mc-admin/page-edit.php" AND (status=200 OR status=302) AND NOT (user_agent="admin_browser" OR src_ip="trusted_ip")
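
The same filter as the SIEM query, applied directly to web server access logs. This is an added example, not MiniCMS or vendor code. It assumes the Apache/Nginx "combined" log format and reuses the 192.168.1.0/24 range from the .htaccess example as the trusted network; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: Apache/Nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TARGET = "/mc-admin/page-edit.php"
# Assumption: same trusted range as the .htaccess example on this page.
TRUSTED = [ipaddress.ip_network("192.168.1.0/24")]

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable client field: treat as untrusted
    return any(ip in net for net in TRUSTED)

def suspicious_page_edits(lines):
    """Return {src_ip: [(timestamp, status), ...]} for POSTs to the
    page-edit handler that returned 200/302 to an untrusted source."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["method"] != "POST" or path != TARGET:
            continue
        if m["status"] not in ("200", "302"):
            continue
        if not is_trusted(m["ip"]):
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.168.1.10 - - [10/Jan/2026:09:00:01 +0000] "POST /mc-admin/page-edit.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2026:09:05:12 +0000] "POST /mc-admin/page-edit.php?x=1 HTTP/1.1" 302 0 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2026:09:05:14 +0000] "GET /mc-admin/page-edit.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2026:09:06:00 +0000] "POST /mc-admin/page-edit.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    'garbage line',
]

if __name__ == "__main__":
    for ip, events in suspicious_page_edits(SAMPLE).items():
        print(ip, events)
```

A hit means only that an untrusted source received a success or redirect status from the handler; correlate it with session and login records before treating it as a bypass.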
