CVE-2025-24980

Medium CVSS: 6.9

pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor

Pimcore

Product

Admin Classic Bundle

CWE

CWE-204

Yayın Tarihi

2025-02-07 20:15:33

Güncelleme

2026-01-16 18:16:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-204 Admin Classic Bundle MEDIUM Pimcore 2025

Referanslar

https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9 https://github.com/pimcore/admin-ui-classic-bundle/pull/808 https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24 https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24

Benzer Kayıtlar

Medium

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, t…

High

CVE-2026-23493

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file st…

Medium

CVE-2026-23494

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to e…

Medium

CVE-2026-23495

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listin…

Medium

CVE-2026-23496

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the applicati…

High

CVE-2026-23492

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injectio…