CNNVD-202512-5502 Information

Dec 31, 2025 cve

CNNVD ID

CNNVD-202512-5502

CVE-2025-15398

CNNVD Published: 2025-12-31

Description (Chinese)

Badaso是Uasoft开源的一个开源的 Laravel Vue 无头 CMS。 Badaso 2.9.7及之前版本存在安全漏洞，该漏洞源于Token Handler组件文件src/Controllers/BadasoAuthController.php中forgetPassword函数存在弱密码恢复机制，可能导致远程攻击。

Description (English)

Badasso is an open source of Usoft open source, Laravel Vue without head CMS. Badasso 2.9.7 and previous versions contain a security loophole, which stems from the weak password-restoration mechanism in the ForgetPassword function in the Token Handler component file src/Controllers/BadasoAuthController.php, which could lead to a long-range attack.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Uasoft

Published

2025-12-31

Last Modified

2026-02-24

References

https://note-hxlab.wetolink.com/share/HG1CWbb7FVnq https://note-hxlab.wetolink.com/share/HG1CWbb7FVnq#-span–strong-step-1–trigger-password-reset-for-victim–strong—span- https://vuldb.com/?ctiid.339207 https://vuldb.com/?id.339207 https://vuldb.com/?submit.720129

Share on: