Noxurge/CVE-2025-65899

Releases0

Stars1

DifuseHQ Kalmia CMS version 0.2.0 is vulnerable to user enumeration through distinguishable error responses in the /kal-api/auth/jwt/create authentication endpoint.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-65899 ↗	Dec 4, 2025Thursday, 4 December 2025, 22:15	5.3 MEDIUM	—
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system.