CVE-2025-65094: CWE-266: Incorrect Privilege Assignment in WBCE WBCE_CMS
WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, but server-side validation is missing, allowing attackers to overwrite their group membership and obtain full administrative access. This results in a complete compromise of the CMS. This issue has been patched in version 1.6.4.
AI Analysis
Technical Summary
CVE-2025-65094 is a vulnerability classified under CWE-266 (Incorrect Privilege Assignment) and CWE-285 (Improper Authorization) affecting WBCE CMS, a content management system. The vulnerability exists in versions prior to 1.6.4, where a low-privileged user can escalate their privileges to the Administrators group by manipulating the groups[] parameter in the /admin/users/save.php HTTP request. The web interface restricts users from assigning groups other than their own, but this restriction is only enforced client-side. The server-side code lacks proper validation and authorization checks, allowing attackers to overwrite their group membership arbitrarily. This results in unauthorized privilege escalation without requiring user interaction or higher privileges beyond a low-level user account. Exploiting this vulnerability grants full administrative access to the CMS, enabling attackers to modify content, manage users, and potentially deploy further malicious payloads or backdoors. The vulnerability is remotely exploitable over the network without authentication beyond a low-privileged user account. The CVSS 4.0 base score is 8.7 (high severity), reflecting the ease of exploitation and the critical impact on confidentiality, integrity, and availability. Although no known exploits have been reported in the wild yet, the vulnerability poses a significant risk to any WBCE CMS deployment that has not applied the patch released in version 1.6.4.
Potential Impact
For European organizations using WBCE CMS, this vulnerability can lead to complete compromise of their web content management system. Attackers gaining administrative access can alter website content, deface pages, steal sensitive data, or implant malware and backdoors, potentially affecting the confidentiality, integrity, and availability of web services. This can damage organizational reputation, lead to data breaches, and disrupt business operations. Public sector entities, educational institutions, and businesses relying on WBCE CMS for critical web presence are particularly at risk. The vulnerability’s remote exploitability and lack of need for user interaction increase the likelihood of exploitation. Additionally, compromised CMS platforms can serve as pivot points for further network intrusion, increasing the overall risk posture of affected organizations.
Mitigation Recommendations
European organizations should immediately upgrade WBCE CMS installations to version 1.6.4 or later, where the vulnerability is patched. Until upgrading is possible, implement strict network segmentation and access controls to limit low-privileged user access to the CMS administration interface. Monitor web server logs for suspicious requests manipulating the groups[] parameter or unusual privilege escalations. Employ Web Application Firewalls (WAFs) with custom rules to detect and block attempts to modify group assignments via HTTP requests. Conduct regular audits of user group memberships to detect unauthorized changes. Additionally, enforce strong authentication and authorization policies to minimize the number of low-privileged users with access to the CMS backend. Educate administrators and developers about the importance of server-side validation to prevent similar vulnerabilities in the future.
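To make the server-side point concrete for the bug described in the technical summary and the validation advice above, here is an added illustration (not WBCE's own code) of a user-save handler that trusts the submitted groups[] list next to a hardened version that decides on the server. It assumes that group id 1 is the Administrators group and uses constructed in-memory user records in place of a database.

```php
<?php
// Added example, not code from WBCE CMS. Assumption: group id 1 is the
// Administrators group; $users stands in for the database users table.

const ADMIN_GROUP_ID = 1;

// Constructed sample data: user id => list of group ids.
$users = [
    7  => [1],   // an administrator
    42 => [3],   // a low-privileged editor
];

// Vulnerable pattern: the client-supplied groups[] becomes the new membership,
// so the form-level restriction is the only thing standing in the way.
function saveGroupsVulnerable(array &$users, int $targetId, array $post): void
{
    $users[$targetId] = array_map('intval', $post['groups'] ?? []);
}

// Hardened pattern: the caller's stored rights, not the request, decide
// whether group membership may change at all.
function saveGroupsHardened(array &$users, int $callerId, int $targetId, array $post): bool
{
    $requested = array_values(array_unique(array_map('intval', $post['groups'] ?? [])));
    sort($requested);
    $current = $users[$targetId] ?? [];
    sort($current);

    $callerIsAdmin = in_array(ADMIN_GROUP_ID, $users[$callerId] ?? [], true);
    if ($callerIsAdmin) {
        $users[$targetId] = $requested;   // administrators may reassign groups
        return true;
    }
    // Non-admins may only save their own record, and only if groups[] matches
    // what is already stored; anything else is logged and rejected.
    if ($callerId !== $targetId || $requested !== $current) {
        error_log("rejected groups[] change by user $callerId on user $targetId");
        return false;
    }
    return true;
}

// Demonstration: the editor (user 42) submits groups[]=1 for its own record.
$post = ['groups' => ['1']];
$copy = $users;
saveGroupsVulnerable($copy, 42, $post);              // editor now holds group 1
$ok = saveGroupsHardened($users, 42, 42, $post);     // rejected, membership kept
printf("vulnerable: %s | hardened accepted: %s | stored: %s\n",
    implode(',', $copy[42]), var_export($ok, true), implode(',', $users[42]));
```

The rejection branch is also where an audit trail belongs: a logged record of who attempted to change which user's groups is what the log-monitoring and membership-audit steps above rely on.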
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-17T20:55:34.691Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691e248d4d0ffcb40bb0868e
Added to database: 11/19/2025, 8:11:57 PM
Last enriched: 11/19/2025, 8:13:24 PM
Last updated: 11/19/2025, 9:50:00 PM