CVE-2025-12866 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the…
Critical CVSS: 9.3

CVE-2025-12866

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.
Vendor
-
Product
-
CWE
CWE-640
Yayın Tarihi
2025-11-10 03:15:42
Güncelleme
2025-11-12 17:15:36
Source Identifier
twcert@cert.org.tw
KEV Date Added
-

Kategoriler

CWE-640 CRITICAL 2025

Referanslar

https://www.twcert.org.tw/en/cp-139-10491-004b0-2.html https://www.twcert.org.tw/tw/cp-132-10490-2534b-1.html https://www.chtsecurity.com/news/20848f61-9db5-44fd-8574-c9d6a54e4010