CVE-2025-64281
Published: 12 November 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-64281 is an authentication bypass vulnerability, classified under CWE-288, affecting CentralSquare Community Development version 19.5.7. This flaw enables attackers to gain unauthorized access to the admin panel without requiring valid admin credentials. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high potential impact on confidentiality, integrity, and availability.
The vulnerability can be exploited by remote, unauthenticated attackers over the network with low attack complexity and no need for user interaction or privileges. Successful exploitation provides full access to the admin panel, allowing attackers to perform administrative actions, potentially leading to complete compromise of the affected system.
Mitigation guidance and additional details are available in advisories referenced at https://centralsquare.com and https://machevalia.blog/blog/multiple-vulnerabilities-in-centralsquare-etrakit-and-ivr. The CVE was published on 2025-11-12T16:15:37.090.
Details
- CWE(s): CWE-288
- Affected Products: CentralSquare Community Development version 19.5.7
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application)
Why these techniques?
The vulnerability is an authentication bypass in a public-facing web application (admin panel), directly enabling exploitation for initial access as described in T1190: Exploit Public-Facing Application.