CNNVD-202510-2123 Information

CNNVD ID

CNNVD-202510-2123

Related CVE

CVE-2025-56748

• CNNVD Published: 2025-10-15

Description (Chinese)

Creativeitem Academy LMS是孟加拉国Creativeitem公司的一个在线学习管理系统。 Creativeitem Academy LMS 5.13及之前版本存在安全漏洞，该漏洞源于使用可预测的Base64编码密码重置令牌且未限制速率，可能导致暴力破解攻击和账户接管。

Description (English)

Creativeitem Academy LMS is an online learning management system for Creativeitem in Bangladesh. There is a security loophole in Creativeitem Academy LMS 5.13 and earlier versions, which stems from the unrestricted resetting of tokens using a predictable Base64 code code, which could lead to violent break-down attacks and account takeovers.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Creativeitem

Published

2025-10-15

Last Modified

2026-02-24

References

https://suryadina.com/academy-lms-reset-bruteforce-5q8w2e7t9y/ https://access.redhat.com/security/cve/cve-2025-56748