CVE-2025-65276 – HashTech Open-Source Administrative Access Vulnerability

CVE ID : CVE-2025-65276

Published : Nov. 26, 2025, 8:15 p.m. | 2 hours, 6 minutes ago

Description : An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-07-02). Due to missing authentication checks on /admin_index.php, an attacker can directly access the admin dashboard without valid credentials. This allows full administrative control including viewing/modifying user accounts, managing orders, changing payments, and editing product listings. Successful exploitation can lead to information disclosure, data manipulation, and privilege escalation.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…