CVE-2025-54005 is a medium-severity vulnerability affecting SKT Page Builder. Incorrectly configured access control security levels can be exploited, resulting in unauthorized access to sensitive functionality within the affected application. The CVSS score for this vulnerability is 4.3, indicating a moderate level of risk that organizations should address to maintain their security posture.
The vulnerability was published on December 16, 2025, and affects SKT Page Builder versions up to and including 4.9. Given the nature of the issue, organizations using this plugin are at risk of unauthorized actions that could compromise their systems and data integrity.
Risk to organizations includes potential unauthorized access and manipulation of content, which could lead to significant security breaches. Organizations should prioritize patching immediately to mitigate this risk and ensure the integrity of their web applications.
As of now, there are no known exploits publicly available, but the risk remains due to the vulnerability's nature. Organizations should actively monitor and apply any patches or updates provided by the vendor promptly.
Vulnerability Details
The vulnerability description indicates that the issue is a missing authorization check within the SKT Page Builder plugin. It is classified as CWE-862 (Missing Authorization), a form of broken access control. The issue affects all versions prior to the vendor patch.
Organizations using the affected SKT Page Builder plugin should review their configurations and ensure proper access controls are in place. The vendor has been notified, and it is crucial to stay updated on any remediation steps they may release.
Technical Analysis
The root cause of CVE-2025-54005 is attributed to the inadequate configuration of access control mechanisms within the SKT Page Builder plugin. Attackers may exploit this vulnerability by sending specially crafted requests that bypass authorization checks, allowing them to perform unauthorized actions.
The attack vector is network-based, with low attack complexity and low privileges required. No user interaction is required to exploit this vulnerability. The integrity impact is low, while confidentiality and availability are unaffected.
Risk & Impact Analysis
Organizations that deploy SKT Page Builder should recognize the risk of unauthorized access due to broken access control. The blast radius of this vulnerability could extend to sensitive data exposure and manipulation, impacting not only the affected plugin but potentially the entire application. Given the medium CVSS score, organizations should address this vulnerability in their priority patch cycle.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
This vulnerability affects SKT Page Builder versions through 4.9; no lower bound is specified. Organizations should ensure that they are running a version that has been patched to mitigate this vulnerability.
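To check a site against the affected range above, the following added example (not code from the vendor or from this advisory) scans a plugins directory and flags copies at version 4.9 or lower, comparing versions numerically so that 4.10 is not mistaken for an older release than 4.9. It assumes the plugin is installed as a WordPress plugin with the standard file header, that its `Plugin Name:` value is "SKT Page Builder", and that plugins live under `wp-content/plugins`; the sample header is constructed.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (4, 9)            # advisory: affected through 4.9
PLUGIN_NAME = "SKT Page Builder"  # assumed "Plugin Name:" header value

# WordPress-style header field: optional comment characters, "Key: value".
FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.M | re.I)

# Constructed sample header, not copied from the plugin.
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: SKT Page Builder\nVersion: 4.9\n*/\n"

def parse_header(php_source):
    """Return (name, version) from a plugin file header, or None."""
    fields = {}
    for key, value in FIELD.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None

def version_key(version):
    """'4.10' -> (4, 10): compare numerically so 4.10 sorts after 4.9."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()               # treat 4.9.0 as 4.9
    return tuple(parts)

def is_affected(version):
    """True for versions <= 4.9; an unparseable version is flagged too."""
    return version_key(version) <= LAST_AFFECTED

def audit(plugins_dir):
    """List (file, version, affected) for each copy under plugins_dir."""
    found = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        parsed = parse_header(php.read_text(errors="replace"))
        if parsed and parsed[0] == PLUGIN_NAME:
            found.append((str(php), parsed[1], is_affected(parsed[1])))
    return found

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, version, affected in audit(root):
        print(f"{'AFFECTED' if affected else 'ok':8} {version:8} {path}")
```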
Mitigation & Remediation
Organizations should prioritize patching immediately. It is crucial to update to the latest version of SKT Page Builder that addresses this vulnerability. If a patch is not available, organizations should implement access control hardening measures and conduct thorough security assessments on affected components.
Detection Guidance
To detect potential exploitation of this vulnerability, organizations should monitor logs for unauthorized access attempts and review any changes to user permissions and configurations. Behavioral anomalies may also indicate attempts to manipulate access controls.
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2025-54005 lies in its representation of common access control weaknesses in web applications. Security teams should learn from this vulnerability to enhance their access control mechanisms and ensure proper configuration management. As threats evolve, organizations must remain vigilant and proactive in their security measures, adapting to new patterns and trends in vulnerability exploitation.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
