CVE-2025-63807

Critical CVSS: 9.8

An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods.

Vendor

2dogz

Product

Blogin

CWE

CWE-307

Yayın Tarihi

2025-11-20 21:16:06

Güncelleme

2026-01-15 16:59:02

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-307 Blogin CRITICAL 2dogz 2025

Referanslar

https://gist.github.com/Rycarl-Furry/3e93c6f0d48a29518adf341e0fc7e2dd