An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.
References
Configurations
History
20 May 2025, 20:10
Type | Values Removed | Values Added |
---|---|---|
First Time |
Optimizely optimizely Cms
Optimizely |
|
CPE | cpe:2.3:a:optimizely:optimizely_cms:*:*:*:*:*:*:*:* | |
References | () https://support.optimizely.com/hc/en-us/articles/33182255281293-Content-Management-System-CMS-Security-Advisory-CMS-2025-02 - Vendor Advisory | |
Summary |
|
06 Jan 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
04 Jan 2025, 03:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-521 |
04 Jan 2025, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-01-04 02:15
Updated : 2025-05-20 20:10
NVD link : CVE-2025-22390
Mitre link : CVE-2025-22390
CVE.ORG link : CVE-2025-22390
JSON object : View
Products Affected
optimizely
- optimizely_cms
CWE
CWE-521
Weak Password Requirements