CVE-2025-2220

Summary

A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
OdysseyCMS10.0affected
OdysseyCMS10.1affected
OdysseyCMS10.2affected
OdysseyCMS10.3affected
OdysseyCMS10.4affected
OdysseyCMS10.5affected
OdysseyCMS10.6affected
OdysseyCMS10.7affected
OdysseyCMS10.8affected
OdysseyCMS10.9affected
OdysseyCMS10.10affected
OdysseyCMS10.11affected
OdysseyCMS10.12affected
OdysseyCMS10.13affected
OdysseyCMS10.14affected
OdysseyCMS10.15affected
OdysseyCMS10.16affected
OdysseyCMS10.17affected
OdysseyCMS10.18affected
OdysseyCMS10.19affected
OdysseyCMS10.20affected
OdysseyCMS10.21affected
OdysseyCMS10.22affected
OdysseyCMS10.23affected
OdysseyCMS10.24affected
OdysseyCMS10.25affected
OdysseyCMS10.26affected
OdysseyCMS10.27affected
OdysseyCMS10.28affected
OdysseyCMS10.29affected
OdysseyCMS10.30affected
OdysseyCMS10.31affected
OdysseyCMS10.32affected
OdysseyCMS10.33affected
OdysseyCMS10.34affected

Weaknesses

  • CWE-320: Key Management Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References