
CVE-2025-66397: CWE-284: Improper Access Control in ChurchCRM CRM

Severity: High
Tags: Vulnerability, CVE-2025-66397, CWE-284
Published: Wed Dec 17 2025 (12/17/2025, 19:12:41 UTC)
Source: CVE Database V5
Vendor/Project: ChurchCRM
Product: CRM

Description

ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffer from broken access control, allowing any authenticated user to allow and accept kiosk registrations and perform other Kiosk Manager actions such as reload and identify. Version 6.5.3 fixes the issue.

AI-Powered Analysis

Last updated: 12/17/2025, 19:36:01 UTC

Technical Analysis

CVE-2025-66397 is an improper access control vulnerability (CWE-284) identified in the ChurchCRM open-source church management system, specifically affecting versions prior to 6.5.3. The vulnerability resides in the Kiosk Manager feature, where the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions do not enforce proper access restrictions. As a result, any authenticated user, regardless of their privilege level, can invoke these functions to manipulate kiosk registrations and operations. This can lead to unauthorized acceptance of kiosk registrations, forced reloads, and identification of kiosks, potentially disrupting normal operations and compromising data integrity. The vulnerability has a CVSS 3.1 base score of 8.3, indicating high severity, with a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and low confidentiality (C:L), high integrity (I:H), and high availability (A:H) impacts. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to organizations relying on ChurchCRM for managing community and church-related data. The issue was addressed in ChurchCRM version 6.5.3 by implementing proper access control checks on the affected functions.

Potential Impact

For European organizations, particularly religious institutions and community groups using ChurchCRM, this vulnerability could lead to unauthorized manipulation of kiosk registrations and operations. This may result in unauthorized data entry or modification, disruption of kiosk services, and potential exposure of sensitive information related to church members or events. The integrity and availability of the kiosk management system can be compromised, potentially affecting operational continuity and trust. Given the high CVSS score and the nature of the vulnerability, attackers with basic authenticated access could escalate their privileges within the system, leading to broader security implications. The impact is more pronounced in organizations that rely heavily on kiosk features for member registration or event management, which are common in many European countries with active church communities.

Mitigation Recommendations

The primary mitigation is to upgrade ChurchCRM installations to version 6.5.3 or later, where the vulnerability has been fixed. Organizations should immediately audit their current ChurchCRM version and plan for prompt patching. Additionally, review and tighten user access controls to limit authenticated user permissions, especially concerning kiosk management functions. Implement monitoring and logging of kiosk-related activities to detect any unauthorized actions. If upgrading immediately is not feasible, consider restricting network access to the ChurchCRM application to trusted users only and disable kiosk features temporarily if possible. Educate users about the risks of unauthorized access and enforce strong authentication mechanisms to reduce the risk of credential compromise.
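The access-control pattern behind this advisory and the logging recommendation above, as an added illustration that is not ChurchCRM's code: a pre-fix dispatcher that only checks for a login is placed beside a deny-by-default dispatcher that authorizes each of the four named Kiosk Manager actions per role and writes an audit line for every decision, plus a small detector that flags users who repeatedly hit denials. The `User`, `KioskManager` and audit-line format are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass, field

# The four Kiosk Manager actions named in CVE-2025-66397.
KIOSK_ADMIN_ACTIONS = {"allowRegistration", "acceptKiosk", "reloadKiosk", "identifyKiosk"}


@dataclass
class User:  # hypothetical minimal user model
    name: str
    authenticated: bool
    is_admin: bool = False


@dataclass
class KioskManager:  # hypothetical stand-in for the feature's dispatcher
    audit: list = field(default_factory=list)

    def dispatch_vulnerable(self, user: User, action: str) -> str:
        # Pre-6.5.3 pattern: being logged in is the only gate, so any
        # authenticated member can accept or reload kiosks.
        if not user.authenticated:
            raise PermissionError("login required")
        return self._perform(user, action)

    def dispatch_fixed(self, user: User, action: str) -> str:
        # Fixed pattern: authenticate, then authorize per action, deny by
        # default for unknown actions, and audit every decision.
        if not user.authenticated:
            raise PermissionError("login required")
        if action not in KIOSK_ADMIN_ACTIONS:
            self.audit.append(f"DENY user={user.name} action={action} reason=unknown")
            raise PermissionError(f"unknown kiosk action {action!r}")
        if not user.is_admin:
            self.audit.append(f"DENY user={user.name} action={action} reason=not_admin")
            raise PermissionError(f"{action} requires kiosk administrator role")
        return self._perform(user, action)

    def _perform(self, user: User, action: str) -> str:
        self.audit.append(f"ALLOW user={user.name} action={action}")
        return f"{action} executed"


def flag_repeated_denials(audit: list, threshold: int = 2) -> dict:
    """Return {user: denial_count} for users denied at least `threshold` times."""
    counts = Counter(
        line.split()[1].removeprefix("user=") for line in audit if line.startswith("DENY")
    )
    return {user: n for user, n in counts.items() if n >= threshold}
```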


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-11-28T23:33:56.363Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 694302860b6f32e62bed0eba

Added to database: 12/17/2025, 7:20:38 PM

Last enriched: 12/17/2025, 7:36:01 PM

Last updated: 12/18/2025, 3:54:11 AM

