CNNVD-202510-3548 Information

Oct 27, 2025 cve

CNNVD ID

CNNVD-202510-3548

CVE-2025-26862

CNNVD Published: 2025-10-27

Description (Chinese)

Ping Identity PingFederate是美国Ping Identity公司的一个基于软件的旗舰联合服务器。用于身份管理。 Ping Identity PingFederate存在安全漏洞，该漏洞源于HTML Form Adapter在非默认无重定向模式下意外渲染身份验证表单，可能导致暴力破解登录攻击。

Description (English)

Ping Identity PingFederate is a software-based combined server for Ping Identity. For identity management. There is a security loophole in Ping Identity PingFederate, which originates from the accidental rendering of identification forms by HTML Form Adapter in non-default non-heavy orientation mode, which could lead to a violent break-in attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Ping Identity

Published

2025-10-27

Last Modified

2026-02-24

References

https://www.pingidentity.com/en/resources/downloads/pingfederate.html https://support.pingidentity.com/s/article/PingFederate-unexpected-template-rendering-in-redirectless-mode https://access.redhat.com/security/cve/cve-2025-26862

Share on: