CVE-2025-22144

{"id": "CVE-2025-22144", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-13T20:15:29.817", "references": [{"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.1.3", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-p883-7496-x35p", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-p883-7496-x35p", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-610"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "NamelessMC es un software gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. Un usuario con permisos admincp.core.emails o admincp.users.edit puede validar usuarios y un atacante puede restablecer sus contrase\u00f1as. Cuando la cuenta se aprueba correctamente por correo electr\u00f3nico, el c\u00f3digo de restablecimiento es NULL, pero cuando la cuenta es validada manualmente por un usuario con permisos admincp.core.emails o admincp.users.edit, el c\u00f3digo de restablecimiento ya no ser\u00e1 NULL, sino que estar\u00e1 vac\u00edo. Un atacante puede solicitar http://localhost/nameless/index.php?route=/forgot_password/&c= y restablecer la contrase\u00f1a. Como resultado, un atacante puede comprometer la contrase\u00f1a de otro usuario y tomar el control de su cuenta. Este problema se ha solucionado en la versi\u00f3n de lanzamiento 2.1.3 y se recomienda a todos los usuarios que la actualicen. No se conocen Workarounds para esta vulnerabilidad."}], "lastModified": "2025-05-13T15:42:53.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4402A4C5-43C3-4436-B207-1374812080DD", "versionEndExcluding": "2.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}