RCE in Haxtheweb Issues

CVE-2025-54127

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default co…

EPSS: 0.003 (53.9th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-54127?
CVE-2025-54127 is a vulnerability in Haxtheweb Issues, classified under Initialization of a Resource with an Insecure Default. Published 2025-07-21.
Is CVE-2025-54127 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.