Cm3 Acora Cms

1 CVEs product


CVE-2025-63314 CRITICAL Act Now

Acora CMS v10.7.1 uses a static, predictable password reset token. Attackers can replay this token to reset any user's password and take over their account, including admin accounts. Maximum CVSS 10.0 with scope change.

Authentication Bypass Session Fixation Cm3 Acora Cms
NVD GitHub
CVSS 3.1: 10.0
EPSS: 0.1%
