CVE-2026-25034 — Missing Authorization in Design Kivicare

CWE-862 — Missing Authorization4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 84.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Iqonic Design Kivicare

Timeline

PublishedMar 25

Description

Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

▶CVEListV5iqonic_design/kivicaren/a — <= 3.6.16

🔴Vulnerability Details

CVEList

WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability↗2026-03-25

▶

GHSA

GHSA-4wrc-rc9c-6pg4: Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Contro↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25034 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶