Unrated severityNVD Advisory· Published Sep 30, 2025· Updated Oct 1, 2025

CVE-2025-56676

Description

TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This allows remote attackers to gain unauthorized access to any user account by exploiting the password reset mechanism. The vulnerability occurs because the reset token is not correctly bound to the requesting account and is accepted for other user emails during login, enabling privilege escalation and information disclosure.

Affected products

TitanSystems/Zenderdescription
TitanSystems/Zenderllm-create
Range: = 3.9.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codecanyon.net/item/zender-android-mobile-devices-as-sms-gateway-saas-platform/26594230mitre
darklotus.medium.com/cve-2025-56676-critical-vulnerability-in-zender-gateway-allows-account-takeover-2b5bcb50c762mitre
previews.titansystems.ph/zender/dashboard/authmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000