cvedb.io
CVE-2025-65276
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-11-26T20:15:49.660 · Last modified 2026-06-17T09:55:35.940

Summary

An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-07-02). Due to missing authentication checks on /admin_index.php, an attacker can directly access the admin dashboard without valid credentials. This allows full administrative control including viewing/modifying user accounts, managing orders, changing payments, and editing product listings. Successful exploitation can lead to information disclosure, data manipulation, and privilege escalation.

Affected products

henzljw — hashtech

Does this affect you?

Add your gear to cvedb and we'll alert you only when henzljw ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.