CVE-2025-52392
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-13

Last updated on: 2025-08-19

Assigner: MITRE

Description
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-13
Last Modified
2025-08-19
Generated
2026-05-07
AI Q&A
2025-08-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52392
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
soosyze cms 2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Soosyze CMS 2.0 allows attackers to perform brute-force login attacks on the /user/login endpoint because there are no rate-limiting or lockout mechanisms in place. This means an attacker can repeatedly try to log in without any restrictions, potentially gaining unauthorized administrative access.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized administrative access if an attacker successfully guesses login credentials through repeated attempts. This can compromise the security and integrity of the CMS, potentially allowing data breaches, unauthorized changes, or control over the system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart