CVE Catalog
CVE-2025-51543
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.32%
24th percentile - higher than 24% of all known CVEs
Summary
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.
Risk Assessment
Attackers can take over the administrator account, leading to full system compromise and access to sensitive data.
Recommendation
Immediately update Cicool builder to the latest version and restrict access to the password reset endpoint to authorized users only.
Original NVD description (English source)
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.

