exploitDog

CVE-2025-63807

Опубликовано: 20 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods.

Ссылки

https://gist.github.com/Rycarl-Furry/3e93c6f0d48a29518adf341e0fc7e2dd
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:2dogz:blogin:*:*:*:*:*:*:*:*

Версия до 2024-11-09 (включая)

EPSS

Процентиль: 33%

0.0013

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-xqf6-9hf7-323f

CVSS3: 7.5

github

3 месяца назад

An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods.

EPSS

Процентиль: 33%

0.0013

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-307