Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-43932

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Jul, 2025 | 00:00
Updated At-08 Jul, 2025 | 17:37
Rejected At-
Credits

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Jul, 2025 | 00:00
Updated At:08 Jul, 2025 | 17:37
Rejected At:
▼CVE Numbering Authority (CNA)

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/guomaoqiu/JobCenter/blob/7e7b0b2f756d66bba7e592a6c8952c78a3573d9c/app/templates/auth/email/reset_password.txt
N/A
https://github.com/guomaoqiu/JobCenter/issues/18
N/A
Hyperlink: https://github.com/guomaoqiu/JobCenter/blob/7e7b0b2f756d66bba7e592a6c8952c78a3573d9c/app/templates/auth/email/reset_password.txt
Resource: N/A
Hyperlink: https://github.com/guomaoqiu/JobCenter/issues/18
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-640CWE-640 Weak Password Recovery Mechanism for Forgotten Password
Type: CWE
CWE ID: CWE-640
Description: CWE-640 Weak Password Recovery Mechanism for Forgotten Password
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Jul, 2025 | 16:15
Updated At:08 Jul, 2025 | 18:15

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-640Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-640
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/guomaoqiu/JobCenter/blob/7e7b0b2f756d66bba7e592a6c8952c78a3573d9c/app/templates/auth/email/reset_password.txtcve@mitre.org
N/A
https://github.com/guomaoqiu/JobCenter/issues/18cve@mitre.org
N/A
Hyperlink: https://github.com/guomaoqiu/JobCenter/blob/7e7b0b2f756d66bba7e592a6c8952c78a3573d9c/app/templates/auth/email/reset_password.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/guomaoqiu/JobCenter/issues/18
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

65Records found
CVE-2022-44004
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.57% / 81.75%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.

Action-Not Available
Vendor-backclickn/a
Product-backclickn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2025-50433
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.14%
||
7 Day CHG~0.00%
Published-26 Nov, 2025 | 00:00
Updated-01 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2025-50594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 24.97%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 00:00
Updated-14 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2022-47697
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 57.13%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.

Action-Not Available
Vendor-comfast_projectn/a
Product-cf-wr623n_firmwarecf-wr623nn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2024-11350
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.75%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 08:18
Updated-08 Apr, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Action-Not Available
Vendor-ScriptsBundle
Product-adforestAdForest
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2024-11103
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 37.31%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 09:47
Updated-08 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Action-Not Available
Vendor-contest-gallerycontest-gallerycontest_gallery
Product-contest_galleryContest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripecontest_gallery
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2023-7264
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-1.84% / 83.18%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 03:16
Updated-08 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.

Action-Not Available
Vendor-buildapphakeemnalarahamsolutions
Product-build_app_onlineBuild App Onlinebuild_app_online
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2023-36487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 69.48%
||
7 Day CHG~0.00%
Published-29 Jun, 2023 | 00:00
Updated-26 Nov, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.

Action-Not Available
Vendor-iliasn/a
Product-iliasn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2023-4448
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.51%
||
7 Day CHG+0.01%
Published-21 Aug, 2023 | 02:00
Updated-04 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenRapid RapidCMS run-movepass.php password recovery

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.

Action-Not Available
Vendor-openrapidOpenRapid
Product-rapidcmsRapidCMS
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2022-37300
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 68.87%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 17:40
Updated-03 Aug, 2024 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).

Action-Not Available
Vendor-
Product-modicon_m340_bmxp342030_firmwaremodicon_m340_bmxp3420302h_firmwaremodicon_m340_bmxp342020h_firmwaremodicon_m580_bmep583040_firmwaremodicon_m580_bmeh582040smodicon_m340_bmxp3420302_firmwaremodicon_m340_bmxp342010modicon_m580_bmeh584040smodicon_m580_bmep582020h_firmwaremodicon_m580_bmep584040s_firmwaremodicon_m580_bmep584040modicon_m340_bmxp342010_firmwaremodicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m580_bmep582040h_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep584040smodicon_m580_bmeh582040cmodicon_m580_bmep583040ecostruxure_control_expertmodicon_m580_bmep582040modicon_m580_bmep584020_firmwaremodicon_m580_bmeh584040modicon_m580_bmep585040modicon_m580_bmep585040c_firmwaremodicon_m580_bmeh584040_firmwaremodicon_m580_bmep581020h_firmwaremodicon_m580_bmep584020modicon_m580_bmeh584040s_firmwaremodicon_m340_bmxp342020modicon_m340_bmxp342030hmodicon_m340_bmxp342020hmodicon_m580_bmeh586040cmodicon_m580_bmep582020_firmwaremodicon_m340_bmxp342000_firmwaremodicon_m580_bmeh586040_firmwaremodicon_m580_bmep581020hmodicon_m580_bmeh584040cmodicon_m340_bmxp342030modicon_m580_bmeh586040c_firmwaremodicon_m580_bmep586040_firmwaremodicon_m580_bmeh582040_firmwaremodicon_m580_bmep582040_firmwaremodicon_m580_bmeh582040modicon_m580_bmeh582040c_firmwaremodicon_m580_bmep583020modicon_m580_bmeh586040s_firmwaremodicon_m580_bmeh586040smodicon_m580_bmep586040modicon_m340_bmxp342000modicon_m580_bmeh586040modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp341000modicon_m580_bmeh584040c_firmwaremodicon_m340_bmxp3420302hmodicon_m580_bmep585040cmodicon_m580_bmep582040hmodicon_m340_bmxp3420302modicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwareecostruxure_process_expertmodicon_m580_bmep581020modicon_m580_bmep586040cmodicon_m340_bmxp342030h_firmwaremodicon_m580_bmep582020hmodicon_m580_bmep586040c_firmwaremodicon_m340_bmxp3420102modicon_m580_bmeh582040s_firmwareEcoStruxure Control ExpertEcoStruxure Process ExpertModicon M340 CPUModicon M580 CPU
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2022-3485
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.23%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 11:39
Updated-22 Apr, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Password Recovery in ifm moneo appliance

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.

Action-Not Available
Vendor-ifmifm
Product-moneo_qha210moneo_qha210_firmwaremoneo_qha200moneo_qha200_firmwaremoneo appliance
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-37172
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.5||HIGH
EPSS-0.11% / 28.42%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:33
Updated-18 Feb, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

Action-Not Available
Vendor-wwbnAVideo
Product-avideoAVideo Platform
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-27179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 58.54%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 04:21
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.

Action-Not Available
Vendor-konzept-ixn/a
Product-publixonen/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-25105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 56.86%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 14:19
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only a million possibilities).

Action-Not Available
Vendor-eramban/a
Product-eramban/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2025-12866
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 28.61%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 02:45
Updated-12 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hundred Plus|EIP Plus - Weak Password Recovery Mechanism

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.

Action-Not Available
Vendor-Hundred Plus
Product-EIP Plus
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
  • Previous
  • 1
  • 2
  • Next
Details not found