Description

HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting the data of an invalid user. This can be used to infer the existence of valid user accounts. An authenticated attacker can use automated tooling to brute force potential usernames and use the application's response to identify valid accounts. This can be used in conjunction with other vulnerabilities, such as the lack of authorization checks, to enumerate and deface another user's sites. This is fixed in version 11.0.5.

INFO

Published Date :

2025-07-21T20:53:26.575Z

Last Modified :

2025-07-22T20:44:14.038Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54129 vulnerability.

Vendors Products
Haxtheweb
  • Hax
Psu
  • Haxiam
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54129.

URL Resource
https://github.com/haxtheweb/issues/security/advisories/GHSA-wh3h-vfcv-m5g5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact