CNNVD-202512-2248 Information
CNNVD ID
CNNVD-202512-2248
Related CVE
- CNNVD Published: 2025-12-11
Description (Chinese)
Ibexa User Bundle是Ibexa开源的一个内容管理系统。 Ibexa User Bundle 5.0.0-beta1至5.0.3版本存在安全漏洞,该漏洞源于缺少密码验证,可能导致登录用户无需知道旧密码即可更改密码。
Description (English)
Ibexa User Bundle is an Ibexa open-source content management system. There is a security loophole in versions 5.0.0-beta1 to 5.0.3 of Ibexa User Bundle, which stems from the lack of password authentication and may result in the user of the login without having to know the old password to change the password.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Ibexa
Published
2025-12-11
Last Modified
2026-02-24
References
https://developers.ibexa.co/security-advisories/ibexa-sa-2025-005-password-change-and-xss-vulnerabilities-in-back-office https://github.com/ibexa/user/commit/9d485bf385e6401c9f7ee80287d8ccd00f73dcf4 https://github.com/ibexa/user/security/advisories/GHSA-x93p-w2ch-fg67
Patch
https://github.com/ibexa/user/releases
Share on: