CVE-2025-62294

High CVSS: 8.7

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time.

This issue was fixed in version 1.55.

Vendor

Soplanning

Product

Soplanning

CWE

CWE-340

Yayın Tarihi

2025-11-20 16:15:59

Güncelleme

2025-11-24 13:51:22

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-340 Soplanning HIGH Soplanning 2025

Referanslar

https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/

Benzer Kayıtlar

High

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to…

Medium

CVE-2025-62731

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is…

Medium

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Statu…

Medium

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject ar…

Medium

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitra…

Medium

CVE-2025-62297

SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitr…