CVE-2025-56748

Medium CVSS: 6.4

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts.

Vendor

Creativeitem

Product

Academy Lms

CWE

CWE-640

Yayın Tarihi

2025-10-15 15:16:04

Güncelleme

2025-10-21 19:24:51

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-640 Academy Lms MEDIUM Creativeitem 2025

Referanslar

https://suryadina.com/academy-lms-reset-bruteforce-5q8w2e7t9y/

Benzer Kayıtlar

Medium

CVE-2025-71179

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to t…

Medium

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with…

Critical

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictabl…

Low

CVE-2025-56746

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabli…

Medium

CVE-2025-56747

Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor co…

Medium

CVE-2025-40990

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user…