
Allegra CVE-2025-6216 | EUVD-2025-28704 | CRITICAL
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
Published 2025-06-21; reported by zdi-disclosures@trendmicro.com
CVSS 3.0 base score: 9.8

CVSS Vector (NVD)

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events, most recent first)

Mar 15, 2026 21:35 (euvd) - EUVD ID assigned: EUVD-2025-28704
Mar 15, 2026 21:35 (vuln.today) - Analysis generated
Aug 18, 2025 15:58 (vuln.today) - PoC detected: public exploit code
Jun 21, 2025 01:15 (nvd) - CVE published, rated CRITICAL 9.8

Description (NVD)

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104.

Analysis (AI)

Allegra project tracking software contains an authentication bypass in its password recovery token generation. The reset token is derived from a predictable value rather than from a cryptographically secure random source (the function ZDI names, calculateTokenExpDate, computes the token's expiration date), so an unauthenticated remote attacker can reproduce the token for any account without ever reading the victim's mailbox, reset that user's password, including an administrator's, and log in. The CVSS 3.0 vector (network, low complexity, no privileges, no user interaction, high impact on all three properties) reflects a full, remotely reachable takeover.

Technical Context (AI)

The flaw is in how the password recovery token is produced: it depends on a value an attacker can predict, and the involvement of calculateTokenExpDate suggests that value is tied to the token's computed expiration date. An attacker who requests a reset for a target account and can reproduce that value (for a time-derived value, knowing roughly when the request was made is enough to enumerate candidates) regenerates the token offline, submits it to the reset endpoint, sets a new password and authenticates as that user. No access to the target's e-mail is needed. Per the timeline, public exploit code has existed since August 2025, so unpatched installations reachable from untrusted networks should be assumed to be under active attack.

Remediation (AI)

Apply the vendor's security patch. Where the code is under your control, generate reset tokens from a cryptographically secure random source (at least 128 bits of entropy), store only a hash of the token, give it a short lifetime, make it single-use, bind it to the requesting account, and compare it in constant time; the token must be unguessable on its own, because delivery to the registered e-mail address is the only thing that ties it to the account holder. After patching, invalidate all outstanding reset tokens and review authentication and password-reset logs for reset requests against administrator and other privileged accounts around and after the disclosure date; treat any password change the account owner cannot explain as a compromise and rotate the credentials.
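As an added example that is not Allegra's code and not part of the ZDI or vuln.today text, the following Python models the flaw class described in the Technical Context and the Remediation advice above: a reset token computed from predictable inputs next to a hardened replacement. The weak scheme, its 24-hour lifetime, the MD5-of-username-and-expiry formula, the 15-minute TTL of the hardened service and the sample request time are all assumptions chosen to illustrate the pattern; the only thing taken from the page is that the real token depended on a predictable value connected to its expiration-date calculation.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed example of the CWE-640 pattern in this advisory: a reset token
# that depends only on predictable inputs, beside a hardened implementation.
# Names, lifetimes and the token formula are assumptions; none is Allegra's code.

WEAK_TOKEN_LIFETIME_S = 24 * 3600   # assumed lifetime used by the weak scheme


def weak_calculate_token_exp_date(request_time_s: int) -> int:
    """Stand-in for a predictable expiry computation: a pure function of the clock."""
    return request_time_s + WEAK_TOKEN_LIFETIME_S


def weak_reset_token(username: str, request_time_s: int) -> str:
    """Weak scheme: the token is a digest of public inputs (username + expiry).
    Anyone who knows the username and roughly when the reset was requested can
    recompute it without ever seeing the e-mail that carries it."""
    exp = weak_calculate_token_exp_date(request_time_s)
    return hashlib.md5(f"{username}:{exp}".encode()).hexdigest()


def forge_weak_tokens(username: str, approx_request_s: int, window_s: int = 120) -> List[str]:
    """Attacker side: enumerate every second in a window around the moment the
    attacker triggered the reset and regenerate the candidate token for each."""
    return [
        weak_reset_token(username, t)
        for t in range(approx_request_s - window_s, approx_request_s + window_s + 1)
    ]


@dataclass
class ResetRecord:
    token_hash: bytes   # only a hash is stored, so a DB read does not leak live tokens
    expires_at: int
    used: bool = False


class HardenedResetService:
    """Hardened scheme: 256-bit token from the OS CSPRNG, stored hashed,
    short-lived, single-use, compared in constant time."""

    TOKEN_TTL_S = 15 * 60

    def __init__(self) -> None:
        self._records: Dict[str, ResetRecord] = {}

    def issue(self, username: str, now_s: int) -> str:
        token = secrets.token_urlsafe(32)          # unpredictable; not a function of time
        self._records[username] = ResetRecord(
            token_hash=hashlib.sha256(token.encode()).digest(),
            expires_at=now_s + self.TOKEN_TTL_S,
        )
        return token   # delivered only to the account's registered address

    def redeem(self, username: str, presented: str, now_s: int) -> bool:
        rec: Optional[ResetRecord] = self._records.get(username)
        if rec is None or rec.used or now_s > rec.expires_at:
            return False
        digest = hashlib.sha256(presented.encode()).digest()
        if not hmac.compare_digest(digest, rec.token_hash):
            return False
        rec.used = True   # burn the token so a replayed link is rejected
        return True


def run_demo() -> Dict[str, bool]:
    """Replays the attack against the weak scheme, then the same attempts
    against the hardened one. Returns which attempts succeeded."""
    victim = "admin"
    t0 = 1_750_000_000                      # constructed reset-request time (epoch seconds)

    # Weak scheme: the server mails this token to the victim, but the attacker,
    # who triggered the reset and noted the time to within a couple of minutes,
    # reproduces it offline without reading that mail.
    real_weak_token = weak_reset_token(victim, t0)
    weak_forged = real_weak_token in forge_weak_tokens(victim, t0 + 37)

    # Hardened scheme: the same time-based guesses are useless, the genuine
    # token works once, and a replayed or stale token is rejected.
    svc = HardenedResetService()
    legit = svc.issue(victim, t0)
    guesses = forge_weak_tokens(victim, t0 + 37)
    hardened_guessed = any(svc.redeem(victim, g, t0 + 60) for g in guesses)
    hardened_legit = svc.redeem(victim, legit, t0 + 60)
    hardened_replay = svc.redeem(victim, legit, t0 + 61)

    stale_svc = HardenedResetService()
    stale = stale_svc.issue(victim, t0)
    hardened_expired = stale_svc.redeem(victim, stale, t0 + HardenedResetService.TOKEN_TTL_S + 1)

    return {
        "weak_forged": weak_forged,
        "hardened_guessed": hardened_guessed,
        "hardened_legit": hardened_legit,
        "hardened_replay": hardened_replay,
        "hardened_expired": hardened_expired,
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:18} {ok}")
```

The attacker's window of 241 guesses is tiny because the weak token has essentially no entropy beyond the request time; against the hardened service the same guesses fail, and a brute force would need on the order of 2^256 attempts, which is why the token itself, not the e-mail delivery, has to carry the security.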


CVE-2025-6216 vulnerability details – vuln.today
