QwikSec

Security Database

CVE

CWE

Training

CVE-2025-62713

Published: Oct 23, 2025

Modified: Oct 23, 2025

PUBLISHED

Description

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.

Vendor	Product	Versions
kottster	kottster	affected `>= 3.2.0, < 3.3.2`

Weaknesses (CWE)

References

https://github.com/kottster/kottster/security/advisories/GHSA-j3w7-9qc3-g96p

x_refsource_CONFIRM

https://github.com/kottster/kottster/commit/0a7d24922a23aac98372155348787670937eef89

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.