CVE-2025-63314

Critical CVSS: 10.0

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.

Vendor

Ddsn

Product

Cm3 Acora Cms

CWE

CWE-640

Yayın Tarihi

2026-01-12 17:15:52

Güncelleme

2026-01-22 22:02:45

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-640 Cm3 Acora Cms CRITICAL Ddsn 2026

Referanslar

http://acora.com http://ddsn.com https://github.com/padayali-JD/CVE-2025-63314

Benzer Kayıtlar

High

CVE-2025-25967

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authen…

Medium

CVE-2025-25968

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged us…

High

CVE-2025-22964

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused…