CVE-2025-8117
Account Takeover via Reset Password Functionality in PAD CMS
PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all 3 templates: www, bip and www+bip.
This product is End-Of-Life and producent will not publish patches for this vulnerability.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
Polska Akademia Dostępności · PAD CMS¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://cert.pl/posts/2025/09/CVE-2025-7063