CVE-2025-2220

MEDIUM Year: 2025
CVSS v3 Score
7.8
High
CVSS v2 Score
1.7
Low
Weakness Type
CWE-320
View all →

Vulnerability Description

A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-2880

HIGH
CVSS:7.8(High)

IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.

CWE-3202016

CVE-2015-0153

HIGH
CVSS:7.5(High)

D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.

CWE-3202015

CVE-2015-0839

HIGH
CVSS:8.1(High)

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to ver...

CWE-3202015

CVE-2015-1316

HIGH
CVSS:7.5(High)

Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.

CWE-3202015

CVE-2015-7503

HIGH
CVSS:7.5(High)

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.

CWE-3202015

CVE-2016-6879

HIGH
CVSS:7.5(High)

The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.

CWE-3202016