Skip to main content
CVE-2025-6216 CRITICAL POC THREAT Emergency

Allegra project tracking software contains an authentication bypass in the password recovery token generation. Unauthenticated remote attackers can calculate the token expiration date and generate valid password reset tokens, allowing them to reset any user's password including administrators.

Authentication Bypass Allegra
NVD GitHub
CVSS 3.0
9.8
EPSS
25.4%
Threat
4.2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy