CVE-2025-59943
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-03

Last updated on: 2025-10-10

Assigner: GitHub, Inc.

Description
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-03
Last Modified
2025-10-10
Generated
2026-06-16
AI Q&A
2025-10-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59943
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
phpmyfaq phpmyfaq 4.0.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
CWE-286 The product does not properly manage a user within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in phpMyFAQ versions 4.0-nightly-2025-10-03 and below allows multiple user accounts to be registered using the same email address because the system does not enforce email uniqueness during registration. Since email addresses are commonly used for password resets, notifications, and administrative actions, this flaw can cause confusion between accounts and, in some cases, may enable privilege escalation or account takeover.

Impact Analysis

The vulnerability can lead to account ambiguity where multiple accounts share the same email address, potentially causing confusion in password resets and notifications. In certain configurations, this may allow attackers to escalate privileges or take over accounts, compromising user security and access control.

Mitigation Strategies

Upgrade phpMyFAQ to version 4.0.13 or later, as this version fixes the issue by enforcing uniqueness of email addresses during user registration.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59943. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart