Unrated severityNVD Advisory· Published Sep 30, 2025· Updated Sep 30, 2025
Account Takeover via Reset Password Functionality in PAD CMS
CVE-2025-8117
Description
PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all 3 templates: www, bip and www+bip.
This product is End-Of-Life and producent will not publish patches for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Polska Akademia Dostępności/PAD CMSv5Range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.