Vulnerability Database

298,930

Total vulnerabilities in the database

CVE-2025-62713

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.

Published: Oct 23, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-62713
GHSA: GHSA-j3w7-9qc3-g96p
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-284
CWE-78

OWASP TOP 10:

A5 - Broken Access Control
A1 - Injection

Affected Software
References

Software	From	Fixed in
@kottster / server	3.2.0	3.3.2

https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89
https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo