CVE-2025-62294
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-20

Last updated on: 2025-11-24

Assigner: CERT.PL

Description
SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time. This issue was fixed in version 1.55.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-20
Last Modified
2025-11-24
Generated
2026-06-16
AI Q&A
2025-11-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62294
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
soplanning soplanning to 1.55.00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-340 The product uses a scheme that generates numbers or identifiers that are more predictable than required.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in SOPlanning involves the predictable generation of password recovery tokens. Because the mechanism for creating these tokens is weak, an attacker can brute-force all possible token values and take over any user account within a reasonable amount of time.

Impact Analysis

This vulnerability can allow a malicious attacker to gain unauthorized access to user accounts by brute-forcing password recovery tokens. This can lead to account takeover, potentially compromising personal or sensitive information and causing loss of control over affected accounts.

Mitigation Strategies

Upgrade SOPlanning to version 1.55 or later, where the vulnerability has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62294. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart