couchcms CVE Vulnerabilities & Metrics

Focus on couchcms vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About couchcms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with couchcms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total couchcms CVEs: 3
Earliest CVE date: 04 Mar 2018, 23:29 UTC
Latest CVE date: 22 Dec 2025, 01:16 UTC

Latest CVE reference: CVE-2025-15005

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical couchcms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.53

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 2
4.0-6.9 1
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS couchcms CVEs

These are the five CVEs with the highest CVSS scores for couchcms, sorted by severity first, then by recency.

All CVEs for couchcms

CVE-2025-15005 couchcms vulnerability CVSS: 2.6 22 Dec 2025, 01:16 UTC

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in the use of a hard-coded cryptographic key. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit has been released to the public and may be exploited.

CVE-2023-41609 couchcms vulnerability CVSS: 0 11 Sep 2023, 18:15 UTC

An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.

CVE-2018-7662 couchcms vulnerability CVSS: 5.0 04 Mar 2018, 23:29 UTC

Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.