CVE-2025-46047
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-04
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| silverpeas | silverpeas | 6.4.1 |
| silverpeas | silverpeas | 6.4.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-46047 is a username enumeration vulnerability in Silverpeas versions 6.4.1 and 6.4.2. It exists in the /CredentialsServlet/ForgotPassword endpoint, where an attacker can send a POST request with a username in the Login parameter. The server responds differently depending on whether the username is valid or not (HTTP 200 OK for valid usernames and HTTP 302 Found for invalid ones). This difference in response allows remote attackers to determine which usernames are valid on the system without authentication. [2]
How can this vulnerability impact me?
This vulnerability allows an unauthenticated remote attacker to enumerate valid usernames on the Silverpeas system. Knowing valid usernames can facilitate further attacks such as password guessing, phishing, or social engineering. It can also expose user information that should remain confidential, potentially leading to unauthorized access or data breaches. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively impact compliance with standards like GDPR and HIPAA because it leaks information about valid user accounts, which is considered personal or sensitive information. Such information disclosure can violate data protection requirements that mandate safeguarding user data against unauthorized access or exposure. Organizations must address this vulnerability to maintain compliance and protect user privacy. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending POST requests to the /silverpeas/CredentialsServlet/ForgotPassword endpoint with different usernames in the 'Login' parameter and observing the HTTP response codes. Valid usernames return HTTP 200 OK, while invalid usernames return HTTP 302 Found. A proof-of-concept Python script named silverpeas_enum_poc.py automates this process by sending requests and analyzing responses to enumerate valid usernames. [2]
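As an added example (not part of the BaseFortify page or the Silverpeas project), the same 200-vs-302 signature can be spotted passively in web-server access logs instead of by probing the endpoint: a source that issues a burst of POSTs to /CredentialsServlet/ForgotPassword and receives both status codes is behaving like an enumeration run, whereas a single legitimate reset request is not flagged. The log lines are constructed, and the five-minute window and five-request threshold are assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx "combined" format: one burst from
# 203.0.113.7 with mixed 302/200 answers, and one ordinary reset from another host.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Sep/2025:10:00:01 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [02/Sep/2025:10:00:02 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [02/Sep/2025:10:00:03 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [02/Sep/2025:10:00:04 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [02/Sep/2025:10:00:05 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.4 - - [02/Sep/2025:10:05:00 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Sep/2025:10:06:00 +0000] "GET /silverpeas/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/CredentialsServlet/ForgotPassword"  # endpoint named in the advisory
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}


def find_enumeration(lines, window=timedelta(minutes=5), min_requests=5):
    """Return {ip: (burst_size, sorted statuses)} for every source that sent at
    least `min_requests` POSTs to the ForgotPassword endpoint inside `window`
    and received both 200 and 302, the mixed answers enumeration produces."""
    events = defaultdict(list)
    for raw in lines:
        ev = parse_line(raw)
        if ev and ev["method"] == "POST" and ev["path"].endswith(ENDPOINT):
            events[ev["ip"]].append((ev["ts"], ev["status"]))
    hits = {}
    for ip, evs in events.items():
        evs.sort()
        for i in range(len(evs)):  # sliding window starting at each request
            burst = [s for t, s in evs[i:] if t - evs[i][0] <= window]
            if len(burst) >= min_requests and {200, 302} <= set(burst):
                hits[ip] = (len(burst), sorted(set(burst)))
                break
    return hits
```

Feed real access-log lines to `find_enumeration` to get the flagged sources; the thresholds should be raised on busy portals where many users legitimately reset passwords.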
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Silverpeas to version 6.4.3 or later, where the vulnerability is fixed by removing the ability to change passwords directly through the login page, implementing uniform error handling that does not reveal username validity, and ensuring HTTP responses do not differ based on username validity. These changes prevent user enumeration by providing consistent responses to password reset requests. [1, 2]