exploitDog

CVE-2025-60954

Опубликовано: 24 окт. 2025

Источник: nvd

CVSS3: 8.3

EPSS Низкий

Описание

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

Ссылки

https://gist.github.com/progprnv/feae2b76f2db0cb2ac6e14b1bf7d8646
Exploit
Third Party Advisory
https://github.com/microweber/microweber
Product
https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-60954
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microweber:microweber:2.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00061

Низкий

8.3 High

CVSS3

Дефекты

CWE-521

Связанные уязвимости

GHSA-526h-6368-hcf5

CVSS3: 8.3

github

4 месяца назад

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

EPSS

Процентиль: 19%

0.00061

Низкий

8.3 High

CVSS3

Дефекты

CWE-521