CVE-2025-63807
BaseFortify
Publication date: 2025-11-20
Last updated on: 2025-11-21
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| weijiang1994 | blogin | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1390 | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. |
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the weijiang1994 university-bbs (Blogin) software. It involves a weak verification code generation mechanism combined with missing rate limiting, which allows attackers to perform brute-force attacks on verification codes without needing to authenticate. This means attackers can repeatedly try verification codes until they succeed.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability may lead to account takeover through password reset or other authentication bypass methods, potentially compromising user accounts and sensitive information.