CVE-2025-12868 PUBLISHED

CyberTutor|New Site Server - Use of Client-Side Authentication

Assigner: twcert
Reserved: 07.11.2025 Published: 10.11.2025 Updated: 10.11.2025

New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor CyberTutor
Product New Site Server
Versions Default: unaffected
  • Version 0 is affected

Solutions

Contact the vendor for updates.

References

Problem Types

  • CWE-603 Use of Client-Side Authentication CWE

Impacts

  • CAPEC-114 Authentication Abuse