CVE-2025-12547
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-31

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be executed remotely. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-11-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12547
EUVD
EUVD-2025-37396
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
logicaldoc logicaldoc to 9.2.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
CWE-799 The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12547 is a vulnerability in LogicalDOC Community Edition up to version 9.2.1, specifically in the admin login page (/login.jsp). It allows unauthenticated attackers to perform automated brute-force password guessing because the application does not properly restrict excessive authentication attempts. The login endpoint lacks protections such as account lockout, rate limiting, CAPTCHA, or multi-factor authentication. Additionally, the application leaks information through HTTP responses that lets attackers distinguish between failed and successful login attempts, making it easier to find valid credentials and gain full administrative access. [1, 2, 3]

Impact Analysis

This vulnerability can lead to unauthorized access to the admin account, allowing attackers to access sensitive documents and configurations, modify or delete data, create privileged accounts, and potentially move laterally within the network. It also enables attackers to maintain persistence after compromise. The exposure can result in regulatory, compliance, and reputational risks for the affected organization. [1, 3]

Compliance Impact

The vulnerability exposes sensitive data and administrative controls to unauthorized access, which can lead to breaches of confidentiality and data protection requirements under standards like GDPR and HIPAA. This unauthorized access and potential data compromise increase regulatory and compliance risks, potentially resulting in violations of these regulations. [1, 3]

Detection Guidance

This vulnerability can be detected by monitoring for automated brute-force login attempts against the /login.jsp admin login page of LogicalDOC Community Edition 9.2.1. Detection involves observing repeated authentication attempts with varying passwords for a fixed username (e.g., "admin") and analyzing HTTP response patterns. Specifically, failed login attempts return HTTP status code 302 with a response length of 675 bytes, while successful logins return status code 200 with a response length of 796 bytes. Commands to detect this could include using tools like Burp Suite Intruder or Hydra to simulate login attempts and observe responses. Network monitoring tools or WAF logs can be checked for repeated POST requests to /login.jsp with differing passwords and the described response discrepancies. Additionally, searching for the presence of the vulnerable endpoint using Google dorking (e.g., inurl:login.jsp) can help identify affected systems. [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include implementing account lockout or progressive rate limiting after multiple failed login attempts to prevent brute-force attacks. Enforce multi-factor authentication (MFA) for all admin accounts to add an additional layer of security. Normalize authentication responses to prevent attackers from distinguishing between successful and failed login attempts by making HTTP status codes and response lengths uniform. Introduce CAPTCHA or adaptive challenges after suspicious activity to block automated login attempts. Additionally, block or throttle suspicious IP addresses and deploy Web Application Firewall (WAF) rules to detect and prevent automated attacks targeting the /login.jsp endpoint. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12547. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart