CVE-2025-1107

Published Feb 7, 2025

Last updated 16 days ago

CVSS critical 9.9

Overview

Description
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
Source
cve-coordination@incibe.es
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.9
Impact score
5.3
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
Severity
CRITICAL

Weaknesses

cve-coordination@incibe.es
CWE-620

Social media

Hype score
Not currently trending

  1. CVE-2025-1107 Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing… https://t.co/1ysfHClQ6H

    @CVEnew

    7 Feb 2025

    406 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References