CVE-2025-3954 – ChurchCRM Referer Handler Server-Side Request Forgery Vulnerability

April 26, 2025

CVE ID : CVE-2025-3954

Published : April 26, 2025, 10:15 p.m. | 48 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46656 – Markdownify Headline Prefix Overflow

Next Article CVE-2025-46655 – CodiMD AWS S3 SVG XSS Bypass

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Google can translate your voice in real time now – try it free

The one-click Linux app I use for instant online anonymity

You can try Android 16’s new lock screen widgets – if you have one of these phones

Apple’s iPhone 17 event launch date is official – here’s everything we expect

Password Strength Estimator Validation in Laravel

Password Strength Estimator Validation in Laravel

Laravel’s Enhanced String Validation with Inverse Methods

Using SQLite in production with Laravel

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Why Final Fantasy XIV fans are review‑bombing the game on Steam

Google Chrome VPN under fire for secretly screenshotting users’ browsing habits

CVE-2025-3954 – ChurchCRM Referer Handler Server-Side Request Forgery Vulnerability

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

Google AI Introduces Multi-Agent System Search MASS: A New AI Agent Optimization Framework for Better Prompts and Topologies

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

NativePHP Is Entering Its Next Phase

CVE-2025-52805 – Leyka Path Traversal PHP Local File Inclusion Vulnerability

CVE-2025-3808 – Zhenfeng13 My-BBS Cross-Site Request Forgery Vulnerability

Microsoft is bringing back seconds to Windows 10 Clock after outrage

How Netsertive built a scalable AI assistant to extract meaningful insights from real-time data using Amazon Bedrock and Amazon Nova

CVE-2025-3954 – ChurchCRM Referer Handler Server-Side Request Forgery Vulnerability

Related Posts