CVE-2025-5215919.09.2025, 20:15Hardcoded credentials in default configuration of PPress 0.0.9.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST8.8 HIGHNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HmitreCNA------CISA-ADPADP8.8 HIGHNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HAwaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: UnknownCommon Weakness EnumerationCWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.Referenceshttps://github.com/quarter77/PPress-CMS-session-forgery-SSTI-vulnerability-leads-to-remote-command-executionhttps://github.com/quarter77/PPress-CMS_vulnerability_chain_details/blob/main/CVE-2025-52159%20Details.md