CVE-2025-60375
HIGHDescription
The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including administrative accounts, without providing valid credentials.
Is your site exposed to CVE-2025-60375?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-60375? +
How severe is CVE-2025-60375? +
How do I check if I'm vulnerable to CVE-2025-60375? +
Related Vulnerabilities
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause …
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in …
The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This …
The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, …
Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if …
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows …