Description

An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-07-02). Due to missing authentication checks on /admin_index.php, an attacker can directly access the admin dashboard without valid credentials. This allows full administrative control including viewing/modifying user accounts, managing orders, changing payments, and editing product listings. Successful exploitation can lead to information disclosure, data manipulation, and privilege escalation.

INFO

Published Date :

2025-11-26T00:00:00.000Z

Last Modified :

2025-12-01T19:15:42.318Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65276 vulnerability.

Vendors Products
Hashtech Project
  • Hashtech
Henzljw
  • Hashtech
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65276.

URL Resource
https://gist.github.com/whoisrushi/c3bfcd1adf96d80952edbd03d0310836 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact