CVE Catalog

CVE-2025-51543

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile - higher than 24% of all known CVEs

Summary

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.

Risk Assessment

Attackers can take over the administrator account, leading to full system compromise and access to sensitive data.

Recommendation

Immediately update Cicool builder to the latest version and restrict access to the password reset endpoint to authorized users only.

Original NVD description (English source)

An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS