CVE-2025-8117
Account Takeover via Reset Password Functionality in PAD CMS
PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all 3 templates: www, bip and www+bip.
This product is End-Of-Life and producent will not publish patches for this vulnerability.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Polska Akademia Dostępności · PAD CMSQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://cert.pl/posts/2025/09/CVE-2025-7063