CVE-2026-25633
MEDIUM EPSS 20.2%
Published Feb 11, 2026 4mo ago · Modified Feb 18, 2026 4mo ago
4.3 CVSS 3.1
Description
Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. This has been fixed in 5.73.6 and 6.2.5.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
20.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-862 Missing Authorization
Affected Products 2
References 4
- github.com https://github.com/statamic/cms/commit/5a6f47246edf3a0c453727ffecbfa14333a6bc8a
- github.com https://github.com/statamic/cms/releases/tag/v5.73.6
- github.com https://github.com/statamic/cms/releases/tag/v6.2.5
- github.com https://github.com/statamic/cms/security/advisories/GHSA-gwmx-9gcj-332h
Remediation
- github.com https://github.com/statamic/cms/commit/5a6f47246edf3a0c453727ffecbfa14333a6bc8a