CVE-2025-8117

Summary

PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all 3 templates: www, bip and www+bip.

This product is End-Of-Life and producent will not publish patches for this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Polska Akademia DostępnościPAD CMS0 <= 1.2.1affected

Weaknesses

  • CWE-909: CWE-909 Missing Initialization of Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References