CVE-2025-6216
CRITICALDescription
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104.
Is your site exposed to CVE-2025-6216?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| alltena | allegra |
| alltena | allegra |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-6216? +
How severe is CVE-2025-6216? +
What products are affected by CVE-2025-6216? +
How do I check if I'm vulnerable to CVE-2025-6216? +
Related Vulnerabilities
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already …
Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server …
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An …
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, …
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, …
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password …