CVE-2025-52338
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-08-20
Assigner: MITRE
Description
Description
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| logicdata | ecommerce_framework | 5.0.9.7000 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000. It allows attackers to bypass authentication and compromise user accounts by performing a bruteforce attack.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to user accounts, potentially allowing attackers to take over accounts, access sensitive information, and perform actions on behalf of legitimate users.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70