CVE-2025-53522
5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Six Apart Ltd. | Movable Type (Software Edition) | 8.0.0 to 8.0.6 | affected |
| Six Apart Ltd. | Movable Type (Software Edition) | 8.4.0 to 8.4.2 (8 series) | affected |
| Six Apart Ltd. | Movable Type (Software Edition) | 7 r.5508 and earlier (7 series) | affected |
| Six Apart Ltd. | Movable Type Advanced (Software Edition) | 8.0.0 to 8.0.6 | affected |
| Six Apart Ltd. | Movable Type Advanced (Software Edition) | 8.4.0 to 8.4.2 (8 series) | affected |
| Six Apart Ltd. | Movable Type Advanced (Software Edition) | 7 r.5508 and earlier (7 series) | affected |
| Six Apart Ltd. | Movable Type Premium (Software Edition) | 2.09 and earlier (2 series) | affected |
| Six Apart Ltd. | Movable Type Premium (Software Edition) | 1.66 and earlier (1 series) | affected |
| Six Apart Ltd. | Movable Type Premium (Advanced Edition) (Software Edition) | 2.09 and earlier (2 series) | affected |
| Six Apart Ltd. | Movable Type Premium (Advanced Edition) (Software Edition) | 1.66 and earlier (1 series) | affected |
| Six Apart Ltd. | Movable Type (Cloud Edition) | 8.6.0 (8 series) | affected |
| Six Apart Ltd. | Movable Type (Cloud Edition) | 7 r.5508 (7 series) | affected |
| Six Apart Ltd. | Movable Type Premium (Cloud Edition) | 2.09 (2 series) | affected |
| Six Apart Ltd. | Movable Type Premium (Cloud Edition) | 1.66 (1 series) | affected |
Weaknesses
- CWE-348: Use of less trusted source
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.