CNNVD-202511-3033 Information

CNNVD ID

CNNVD-202511-3033

CVE-2025-66225

  • CNNVD Published: 2025-11-29

Description (Chinese)

OrangeHRM是美国OrangeHRM公司的一套人力资源管理系统(HRM)。该系统支持人事信息管理、休假管理、考勤管理和招聘管理等功能。 OrangeHRM 5.0版本至5.7版本存在数据伪造问题漏洞,该漏洞源于密码重置流程验证不足,可能导致账户接管。

Description (English)

OrangeHRM is a human resources management (HRM) system developed by the US company OrangeHRM. The system supports functions such as personnel information management, leave management, attendance management and recruitment management. OrangeHRM versions 5.0 through 5.7 contain a data forgery vulnerability caused by insufficient validation in the password reset process, which may lead to account takeover.

Hazard Level

High

Vulnerability Type

Data forgery issue

Affected Vendor

OrangeHRM

Published

2025-11-29

Last Modified

2026-02-24

References

  • https://github.com/orangehrm/orangehrm/security/advisories/GHSA-5ghw-9775-v263
  • https://access.redhat.com/security/cve/cve-2025-66225

Patch

https://www.orangehrm.com/
