CVE-2025-2910

Summary

User enumeration in the password reset module of the MeetMe authentication service in versions prior to 2024-09 allows an attacker to determine whether an email address is registered through specific error messages.

Affected Software

VendorProductVersion RangeStatus
FermaxMeetMe0 < 2024-09affected

Weaknesses

  • CWE-204: CWE-204: Observable Response Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References