Improper input validation in Haxtheweb Issues
CVE-2025-54134
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL paramete…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.002 (40.5th percentile)
Affected products
- Haxtheweb Issues — versions < 11.0.9
References
- https://github.com/haxtheweb/issues/security/advisories/GHSA-pjj3-j5j6-qj27 (x_refsource_CONFIRM)
- https://github.com/haxtheweb/haxcms-nodejs/commit/e9773d1996233f9bafb06832b8220ec2a98bab34 (x_refsource_MISC)
- https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/listFiles.js#L22 (x_refsource_MISC)
- https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/routes/saveFile.js#L52 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-54134?
- CVE-2025-54134 is a vulnerability in Haxtheweb Issues, classified under Improper Input Validation. Published 2025-07-21.
- Is CVE-2025-54134 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.