CVE-2025-2220

A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20reCAPTCHA%20secret%20key%5D%20found%20in%20Odyssey%20CMS%2010.35%20-%20(odyssey_contact_form.php).md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.299292	Permissions Required VDB Entry
https://vuldb.com/?id.299292	VDB Entry Third Party Advisory
https://vuldb.com/?submit.512367	VDB Entry Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:odysseyautomation:odyssey_cms:*:*:*:*:*:*:*:*

History

25 Mar 2025, 17:15

Type	Values Removed	Values Added
First Time		Odysseyautomation Odysseyautomation odyssey Cms
References	~~() https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20reCAPTCHA%20secret%20key%5D%20found%20in%20Odyssey%20CMS%2010.35%20-%20(odyssey_contact_form.php).md -~~	() https://github.com/secuserx/CVE/blob/main/%5BHardcoded%20reCAPTCHA%20secret%20key%5D%20found%20in%20Odyssey%20CMS%2010.35%20-%20(odyssey_contact_form.php).md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.299292 -~~	() https://vuldb.com/?ctiid.299292 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.299292 -~~	() https://vuldb.com/?id.299292 - VDB Entry, Third Party Advisory
References	~~() https://vuldb.com/?submit.512367 -~~	() https://vuldb.com/?submit.512367 - VDB Entry, Third Party Advisory
CPE		cpe:2.3:a:odysseyautomation:odyssey_cms::::::::
CWE		NVD-CWE-noinfo
Summary		(es) Se encontró una vulnerabilidad en Odyssey CMS hasta la versión 10.34. Se ha clasificado como problemática. Se ve afectada una función desconocida del archivo /modules/odyssey_contact_form/odyssey_contact_form.php del componente reCAPTCHA Handler. La manipulación del argumento g-recaptcha-response provoca un error en la gestión de claves. Se requiere acceso local para abordar este ataque. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.

12 Mar 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-12 02:15

Updated : 2025-03-25 17:15

NVD link : CVE-2025-2220

Mitre link : CVE-2025-2220

CVE.ORG link : CVE-2025-2220

JSON object : View

Products Affected

odysseyautomation

odyssey_cms

CWE

CWE-320

Key Management Errors

NVD-CWE-noinfo

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-2220

3.3^/10

1.7^/10

Attach tags to `CVE-2025-2220`