CVE-2021-25957 — Vulnetix

CVE-2021-25957 PUBLISHED

In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password.

EPSS 0.33% · 55.9th percentile

Risk Scores

EPSS Score

0.33%

55.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	dolibarr	3.5.5+dfsg1-2, 3.5.7+dfsg1-1, 3.5.8+dfsg1-1

Exploit Intelligence

Timeline

Aug 17, 2021 CVE Published
Aug 18, 2021 EPSS Score
Aug 24, 2021 CVE Updated
Oct 15, 2021 EPSS Score
Dec 13, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 9, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 9, 2022 EPSS Score
Jun 6, 2022 EPSS Score
Oct 2, 2022 EPSS Score
Nov 30, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-25957 third-party-advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25957 third-party-advisory
https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-25957 third-party-advisory

Open in Interactive Console →