CVE-2025-10320
BaseFortify
Publication date: 2025-09-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iteachyou | dreamer_cms | 4.1.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-521 | The product does not require that users should have strong passwords. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in iteachyou Dreamer CMS up to version 4.1.3.2, specifically in the processing of the /admin/user/updatePwd file. It allows manipulation that results in weak password requirements, potentially enabling attackers to set weak passwords. The vulnerability can be exploited remotely but requires a high degree of complexity and is considered difficult to exploit. The exploit is publicly available.
How can this vulnerability impact me? :
The vulnerability can lead to weak password enforcement, which may allow attackers to compromise user accounts by setting or exploiting weak passwords. This can result in unauthorized access or privilege escalation within the CMS. However, exploitation is difficult and requires significant effort.