CVE-2025-8117
Account Takeover via Reset Password Functionality in PAD CMS
PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all 3 templates: www, bip and www+bip.
This product is End-Of-Life and producent will not publish patches for this vulnerability.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
Polska Akademia Dostępności · PAD CMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →