CVE-2025-8117
HIGHDescription
PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all 3 templates: www, bip and www+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability.
Is your site exposed to CVE-2025-8117?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| widzialni | pad_cms |
References
Other References
Frequently Asked Questions
What is CVE-2025-8117? +
How severe is CVE-2025-8117? +
What products are affected by CVE-2025-8117? +
How do I check if I'm vulnerable to CVE-2025-8117? +
Related Vulnerabilities
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to …
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a …
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: …
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() …
In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network …