exploitDog

CVE-2025-56748

Опубликовано: 15 окт. 2025

Источник: nvd

CVSS3: 6.4

EPSS Низкий

Описание

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts.

Ссылки

https://suryadina.com/academy-lms-reset-bruteforce-5q8w2e7t9y/
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:creativeitem:academy_lms:*:*:*:*:*:*:*:*

Версия до 5.13 (включая)

EPSS

Процентиль: 23%

0.00075

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-640

Связанные уязвимости

GHSA-5qq2-qmp3-f37q

CVSS3: 6.4

github

4 месяца назад

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts.

EPSS

Процентиль: 23%

0.00075

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-640