CVE-2025-12547
BaseFortify
Publication date: 2025-10-31
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| logicaldoc | logicaldoc | up to 9.2.1 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12547 is a vulnerability in LogicalDOC Community Edition up to version 9.2.1, specifically in the admin login page (/login.jsp). It allows unauthenticated attackers to perform automated brute-force password guessing because the application does not properly restrict excessive authentication attempts. The login endpoint lacks protections such as account lockout, rate limiting, CAPTCHA, or multi-factor authentication. Additionally, the application leaks information through HTTP responses that lets attackers distinguish between failed and successful login attempts, making it easier to find valid credentials and gain full administrative access. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to the admin account, allowing attackers to access sensitive documents and configurations, modify or delete data, create privileged accounts, and potentially move laterally within the network. It also enables attackers to maintain persistence after compromise. The exposure can result in regulatory, compliance, and reputational risks for the affected organization. [1, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability exposes sensitive data and administrative controls to unauthorized access, which can lead to breaches of confidentiality and data protection requirements under standards like GDPR and HIPAA. This unauthorized access and potential data compromise increase regulatory and compliance risks, potentially resulting in violations of these regulations. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for automated brute-force login attempts against the /login.jsp admin login page of LogicalDOC Community Edition 9.2.1. Detection involves observing repeated authentication attempts with varying passwords for a fixed username (e.g., "admin") and analyzing HTTP response patterns. Specifically, failed login attempts return HTTP status code 302 with a response length of 675 bytes, while successful logins return status code 200 with a response length of 796 bytes. Commands to detect this could include using tools like Burp Suite Intruder or Hydra to simulate login attempts and observe responses. Network monitoring tools or WAF logs can be checked for repeated POST requests to /login.jsp with differing passwords and the described response discrepancies. Additionally, searching for the presence of the vulnerable endpoint using Google dorking (e.g., inurl:login.jsp) can help identify affected systems. [1, 2, 3]
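The log-side detection described in the answer above, written out as an added example (it is not code from BaseFortify or LogicalDOC). It assumes the web server in front of LogicalDOC writes Apache/Nginx "combined" access logs, takes the response fingerprints quoted above (302 with 675 bytes for a failure, 200 with 796 bytes for a success) as tunable constants rather than universal values, and uses constructed sample log lines with documentation-range IP addresses. It generalizes the answer slightly by scoring failures per client with a sliding time window, so a single mistyped password by a real user does not trigger a finding:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format; only the fields the detection needs are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Response shapes quoted in the advisory text. Assumed tunable: a different
# reverse proxy, theme or locale will change the byte counts.
FAILED_SHAPE = (302, 675)
SUCCESS_SHAPE = (200, 796)


def parse_line(line):
    """Parse one combined-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    size = m.group("size")
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],   # drop query string
        "status": int(m.group("status")),
        "size": 0 if size == "-" else int(size),
    }


def max_in_window(times, window):
    """Largest number of (sorted) timestamps that fall inside any span of length `window`."""
    best, j = 0, 0
    for i, t in enumerate(times):
        while t - times[j] > window:
            j += 1
        best = max(best, i - j + 1)
    return best


def find_bruteforce(lines, path="/login.jsp", threshold=10, window=timedelta(minutes=5)):
    """Return {ip: info} for each client whose failure-shaped POSTs to `path`
    reach `threshold` inside `window`, noting whether a success-shaped
    response followed the burst (a possible credential compromise)."""
    by_ip = defaultdict(list)
    for line in lines:
        e = parse_line(line)
        if e and e["method"] == "POST" and e["path"] == path:
            by_ip[e["ip"]].append(e)

    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        fails = [e["ts"] for e in events if (e["status"], e["size"]) == FAILED_SHAPE]
        peak = max_in_window(fails, window)
        if peak < threshold:
            continue
        success_after = any(
            (e["status"], e["size"]) == SUCCESS_SHAPE and e["ts"] > fails[0]
            for e in events
        )
        findings[ip] = {"failures_in_window": peak, "success_after_burst": success_after}
    return findings


# Constructed sample log: one host hammering the login page, one ordinary user.
def _line(ip, second, status, size):
    return (f'{ip} - - [31/Oct/2025:10:00:{second:02d} +0000] '
            f'"POST /login.jsp HTTP/1.1" {status} {size} "-" "Mozilla/5.0"')


SAMPLE_LOG = [_line("203.0.113.5", s, 302, 675) for s in range(0, 48, 4)]  # 12 failures in 44 s
SAMPLE_LOG.append(_line("203.0.113.5", 50, 200, 796))                        # then a success
SAMPLE_LOG.append(_line("198.51.100.7", 20, 302, 675))                       # one typo by a real user
SAMPLE_LOG.append(_line("198.51.100.7", 30, 200, 796))
SAMPLE_LOG.append('198.51.100.7 - - [31/Oct/2025:10:00:31 +0000] '
                  '"GET /home.jsp HTTP/1.1" 200 1234 "-" "Mozilla/5.0"')

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Run against a real log with `find_bruteforce(open("access.log"))`; the `success_after_burst` flag is the one to escalate, since it indicates the guessing may have worked and the admin credential should be rotated.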
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing account lockout or progressive rate limiting after multiple failed login attempts to prevent brute-force attacks. Enforce multi-factor authentication (MFA) for all admin accounts to add an additional layer of security. Normalize authentication responses to prevent attackers from distinguishing between successful and failed login attempts by making HTTP status codes and response lengths uniform. Introduce CAPTCHA or adaptive challenges after suspicious activity to block automated login attempts. Additionally, block or throttle suspicious IP addresses and deploy Web Application Firewall (WAF) rules to detect and prevent automated attacks targeting the /login.jsp endpoint. [1, 3]
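The lockout, progressive throttling and uniform-response controls recommended above, combined in one small login guard as an added example (not LogicalDOC's code; LogicalDOC itself is a Java application, so this Python is a model of the logic, not a drop-in patch). The class name `LoginGuard`, the in-memory user store, the injected clock and the threshold values are all assumptions chosen for the demo:

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000                      # PBKDF2 rounds; raise in production
DUMMY_SALT = b"dummy-salt-unknown-user"   # unknown usernames cost the same hashing time


def hash_password(password, salt):
    """PBKDF2-HMAC-SHA256 of the password (fixed salts here keep the demo deterministic)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class LoginGuard:
    """Wraps credential checking with per-account lockout, per-IP progressive
    delay and a response body that is identical for every kind of refusal."""

    # One response shape for wrong password, unknown user, locked account and throttled IP.
    UNIFORM_RESPONSE = {"status": 200, "body": "Login request processed.".ljust(64)}

    def __init__(self, users, clock, max_failures=5, lockout_seconds=900,
                 window_seconds=300, ip_threshold=20):
        self.users = users                          # username -> (salt, pbkdf2 digest)
        self.clock = clock                          # callable returning epoch seconds
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.window_seconds = window_seconds
        self.ip_threshold = ip_threshold
        self.account_failures = defaultdict(list)   # username -> failure timestamps
        self.ip_failures = defaultdict(list)        # client ip -> failure timestamps
        self.locked_until = {}                      # username -> epoch seconds

    def _recent(self, timestamps, now):
        """Drop failures older than the window and return how many remain."""
        timestamps[:] = [t for t in timestamps if now - t <= self.window_seconds]
        return len(timestamps)

    def progressive_delay(self, client_ip):
        """Seconds the caller should wait before answering this client:
        0 for the first couple of failures, then doubling, capped at 30."""
        n = self._recent(self.ip_failures[client_ip], self.clock())
        return 0 if n < 3 else min(2 ** (n - 3), 30)

    def attempt(self, username, password, client_ip):
        now = self.clock()
        acct_fails = self._recent(self.account_failures[username], now)
        ip_fails = self._recent(self.ip_failures[client_ip], now)
        locked = self.locked_until.get(username, 0) > now
        throttled = ip_fails >= self.ip_threshold

        ok = False
        record = self.users.get(username)
        if record is None:
            hash_password(password, DUMMY_SALT)     # equalise timing for unknown users
        else:
            salt, digest = record
            ok = hmac.compare_digest(hash_password(password, salt), digest)
        ok = ok and not locked and not throttled    # right password while locked is still refused

        if ok:
            self.account_failures[username].clear()
        else:
            self.account_failures[username].append(now)
            self.ip_failures[client_ip].append(now)
            if acct_fails + 1 >= self.max_failures:
                self.locked_until[username] = now + self.lockout_seconds

        # The HTTP response is the same for every outcome; only a genuine success
        # receives a session token (which a real app would set as a cookie).
        return {
            "response": dict(self.UNIFORM_RESPONSE),
            "authenticated": ok,
            "session": os.urandom(16).hex() if ok else None,
            "delay": self.progressive_delay(client_ip),
        }


if __name__ == "__main__":
    # Constructed demo: five wrong guesses lock "admin" even for the correct password.
    salt = b"demo-salt"
    guard = LoginGuard({"admin": (salt, hash_password("correct horse", salt))},
                       clock=lambda: 1_000_000.0)
    for i in range(5):
        print(guard.attempt("admin", f"guess{i}", "203.0.113.5")["delay"])
    print(guard.attempt("admin", "correct horse", "203.0.113.5")["authenticated"])
```

The point of the uniform response is that an unknown username, a wrong password and a locked account all look the same on the wire; the lockout and the per-IP delay are what actually stop the guessing, and in a real deployment the counters would live in shared storage (a database or cache) rather than in process memory so that they survive restarts and apply across all application nodes.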