CVE-2025-12310
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-10-30
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| virtfusion | virtfusion | 6.0.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in VirtFusion up to version 6.0.2 affects the Email Change Handler component, specifically the /account/_settings file. A remote attacker can manipulate it so that excessive authentication attempts are not properly restricted, potentially enabling repeated unauthorized attempts to authenticate.
How can this vulnerability impact me?
The vulnerability can lead to an attacker performing excessive authentication attempts without proper restriction, which may result in unauthorized access or manipulation of user accounts. Although it does not directly impact confidentiality or availability, it can compromise the integrity of the system by allowing unauthorized changes.