CVE-2025-66906

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

ross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.

References

Link	Resource
https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66906_report.md	Exploit Third Party Advisory
https://github.com/turms-im/turms	Product
https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66906_report.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:turms-im:turms:0.10.0-snapshot:*:*:*:*:*:*:*

History

02 Jan 2026, 19:57

Type	Values Removed	Values Added
References	~~() https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66906_report.md -~~	() https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66906_report.md - Exploit, Third Party Advisory
References	~~() https://github.com/turms-im/turms -~~	() https://github.com/turms-im/turms - Product
First Time		Turms-im Turms-im turms
CPE		cpe:2.3:a:turms-im:turms:0.10.0-snapshot:::::::*

19 Dec 2025, 18:00

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-19 16:15

Updated : 2026-01-02 19:57

NVD link : CVE-2025-66906

Mitre link : CVE-2025-66906

CVE.ORG link : CVE-2025-66906

JSON object : View

Products Affected

turms-im

turms

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

6.1 /10