CVE-2025-62294
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-20

Last updated on: 2025-11-24

Assigner: CERT.PL

Description
SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time. This issue was fixed in version 1.55.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-20
Last Modified
2025-11-24
Generated
2026-05-07
AI Q&A
2025-11-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-62294
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
soplanning soplanning to 1.55.00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-340 The product uses a scheme that generates numbers or identifiers that are more predictable than required.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in SOPlanning involves the predictable generation of password recovery tokens. Because the mechanism for creating these tokens is weak, an attacker can brute-force all possible token values and take over any user account within a reasonable amount of time.


How can this vulnerability impact me? :

This vulnerability can allow a malicious attacker to gain unauthorized access to user accounts by brute-forcing password recovery tokens. This can lead to account takeover, potentially compromising personal or sensitive information and causing loss of control over affected accounts.


What immediate steps should I take to mitigate this vulnerability?

Upgrade SOPlanning to version 1.55 or later, where the vulnerability has been fixed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart