CVE-2025-66397
📋 TL;DR
This vulnerability allows any authenticated user in ChurchCRM to perform Kiosk Manager actions like allowing/accepting kiosk registrations, reloading kiosks, and identifying kiosks. It affects all ChurchCRM installations prior to version 6.5.3 where the Kiosk Manager feature is enabled. The broken access control bypasses intended permission checks.
💻 Affected Systems
- ChurchCRM
📦 What is this software?
ChurchCRM by ChurchCRM
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could register unauthorized kiosk devices, potentially allowing physical access to church facilities or enabling data exfiltration through kiosk interfaces.
Likely Case
Malicious authenticated users could disrupt kiosk operations, register unauthorized devices, or gain access to kiosk management functions they shouldn't have.
If Mitigated
With the intended access controls enforced, only authorized users could perform kiosk management actions, and the impact would be limited to those intended actions.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.5.3
Vendor Advisory: https://github.com/ChurchCRM/CRM/security/advisories/GHSA-32vr-ch3p-wmr5
Restart Required: Yes
Instructions:
1. Back up your ChurchCRM database and files.
2. Download ChurchCRM version 6.5.3 or later from the official repository.
3. Replace the existing installation files with the new version.
4. Run database migrations if required.
5. Restart web server services.
🔧 Temporary Workarounds
Disable Kiosk Manager
Temporarily disable the Kiosk Manager feature until patching can be completed.
Edit ChurchCRM configuration to disable kiosk functionality
Restrict User Permissions
Review and restrict user permissions to minimize the attack surface.
Audit user accounts and remove unnecessary privileges
🧯 If You Can't Patch
- Implement network segmentation to isolate ChurchCRM from sensitive systems
- Enable detailed logging and monitoring for kiosk-related activities
🔍 How to Verify
Check if Vulnerable:
Check the ChurchCRM version in the admin interface or via the version file. If the version is below 6.5.3, the system is vulnerable.
Check Version:
Check /churchcrm/version.txt or the version shown on the admin dashboard.
Verify Fix Applied:
After patching, verify version shows 6.5.3 or higher and test that only authorized users can perform kiosk management actions.
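The version comparison above is easy to get wrong when done as a string comparison ("6.10.0" sorts before "6.5.3" lexicographically). The script below is an added example, not part of this advisory or of ChurchCRM itself; it parses the x.y.z version out of a version file (the path and the exact file contents are assumptions) and compares it numerically against the fixed version 6.5.3 named above.

```python
import re
from pathlib import Path

# First version that contains the fix, per the advisory.
FIXED_VERSION = (6, 5, 3)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract an x.y.z version from text such as '6.5.2', 'v6.5.3' or '6.10.0\\n'.

    Comparing tuples of ints avoids the lexicographic trap where '6.10.0' < '6.5.3'.
    """
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_vulnerable(version_text: str) -> bool:
    """True when the installed version is below the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def check_install(version_file: str = "/churchcrm/version.txt") -> dict:
    """Read the version file (path is an assumption) and report the result.

    Returns a small dict so the result can be consumed by a script or a monitoring job
    rather than only printed.
    """
    text = Path(version_file).read_text(encoding="utf-8")
    version = parse_version(text)
    return {
        "version": ".".join(str(p) for p in version),
        "vulnerable": version < FIXED_VERSION,
        "fixed_in": ".".join(str(p) for p in FIXED_VERSION),
    }


if __name__ == "__main__":
    # Constructed sample inputs; a real run would call check_install() on the host.
    for sample in ("6.5.2", "v6.5.3", "6.10.0\n", "6.4.9"):
        state = "VULNERABLE" if is_vulnerable(sample) else "fixed"
        print(f"{sample.strip():>8}: {state}")
```

Verifying the version only tells you whether the patched code is installed; the advisory's second check, confirming that non-admin users can no longer perform kiosk management actions, still needs a functional test with a low-privilege test account.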
📡 Detection & Monitoring
Log Indicators:
- Unauthorized kiosk registration attempts
- Kiosk management actions from non-admin users
- Multiple failed permission checks in access logs
Network Indicators:
- Unusual kiosk registration traffic patterns
- Kiosk API calls from unexpected user accounts
SIEM Query:
source="churchcrm" AND (event="kiosk_registration" OR event="kiosk_management") AND user_role!="admin"
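The SIEM query above expresses the detection as three conditions: the event came from ChurchCRM, it is a kiosk registration or kiosk management event, and the acting user is not an admin. The script below is an added example, not part of this advisory or of ChurchCRM; it applies the same logic to a handful of constructed key=value log lines (the field names, the log format and the sample values are assumptions, not real ChurchCRM output) and groups the hits by user so repeat offenders stand out.

```python
import re
from collections import Counter

# Constructed sample log lines, not real ChurchCRM output. The key=value layout
# and the field names (source, event, user, user_role) are assumptions.
SAMPLE_LOGS = """\
2025-01-10T09:01:12Z source=churchcrm event=login user=alice user_role=admin
2025-01-10T09:02:40Z source=churchcrm event=kiosk_registration user=bob user_role=member kiosk_id=K-12
2025-01-10T09:03:05Z source=churchcrm event=kiosk_management action=reload user=alice user_role=admin kiosk_id=K-12
2025-01-10T09:04:51Z source=churchcrm event=kiosk_management action=identify user=carol user_role=member kiosk_id=K-07
2025-01-10T09:05:13Z source=nginx event=kiosk_registration user=bob user_role=member
2025-01-10T09:06:02Z source=churchcrm event=kiosk_registration user=bob user_role=member kiosk_id=K-13
""".strip().splitlines()

KIOSK_EVENTS = {"kiosk_registration", "kiosk_management"}
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split a 'timestamp key=value ...' line into a dict of fields."""
    fields = dict(KV_RE.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields


def is_suspicious(fields: dict) -> bool:
    """Mirror the SIEM query: churchcrm source, kiosk event, non-admin actor.

    A missing user_role is treated as non-admin so that a malformed or
    incomplete record is surfaced rather than silently ignored.
    """
    return (
        fields.get("source") == "churchcrm"
        and fields.get("event") in KIOSK_EVENTS
        and fields.get("user_role") != "admin"
    )


def find_suspicious(lines: list[str]) -> list[dict]:
    """Return the parsed records that match the detection logic."""
    parsed = (parse_line(line) for line in lines)
    return [fields for fields in parsed if is_suspicious(fields)]


def hits_by_user(lines: list[str]) -> Counter:
    """Count matching events per user, to highlight repeated activity."""
    return Counter(fields["user"] for fields in find_suspicious(lines))


if __name__ == "__main__":
    for fields in find_suspicious(SAMPLE_LOGS):
        print(f"{fields['timestamp']} {fields['user']} ({fields['user_role']}) "
              f"{fields['event']} {fields.get('action', '')}".rstrip())
    print("per user:", dict(hits_by_user(SAMPLE_LOGS)))
```

Note the design choice in is_suspicious: many SIEMs evaluate `user_role!="admin"` as false when the field is absent, which would hide exactly the records most worth looking at. After patching to 6.5.3 the application should reject these requests, so the same query then serves to confirm the fix rather than to detect abuse.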