LeakyCreds

CVE-2025-62512 - Vulnerability Analysis

Medium | CVSS: 5.3

Last Updated: February 25, 2026

Piwigo - Authentication Bypass

Published: February 24, 2026 | Updated: February 25, 2026 | PoC Available | Remote Exploitable

Overview

Piwigo 15.5.0 and earlier 15.x versions contain a user enumeration vulnerability: the password reset functionality at password.php?action=lost returns distinct messages, which lets unauthenticated attackers determine valid usernames or emails. Exploitation requires no authentication.

Severity & Score

Severity: Medium
CVSS Score: 5.3

Impact

Unauthenticated attackers can enumerate valid usernames or email addresses, aiding further targeted attacks.

Mitigation

Update to the latest version when available or apply mitigations to unify response messages.
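
The mitigation above (unify response messages), shown as an added example that is not Piwigo's code and not part of the original advisory: a constructed in-memory model of a password-reset handler in its leaky and unified forms, plus a regression check that reports which response fields separate known from unknown identifiers. All function names, accounts and message strings are assumptions made for illustration.

```python
# Added illustration: a constructed in-memory model, not Piwigo source code.
USERS = {"alice": "alice@example.test"}   # constructed sample account
OUTBOX = []                               # stand-in for the reset-mail queue


def _lookup(identifier):
    """Return the username matching a username or email, else None."""
    ident = identifier.strip().lower()
    for name, email in USERS.items():
        if ident in (name, email):
            return name
    return None


def lost_password_leaky(identifier):
    """CWE-204 pattern: the message reveals whether the account exists."""
    if _lookup(identifier) is None:
        return 200, "Invalid username or email"            # constructed text
    return 200, "Check your email for the confirmation link"


def lost_password_uniform(identifier):
    """Unified response: mail is queued only for real accounts,
    but status and body are identical in both cases."""
    name = _lookup(identifier)
    if name is not None:
        OUTBOX.append(name)
    return 200, "If the account exists, a reset link has been sent"


def differing_fields(handler, known_ids, unknown_ids):
    """Regression check: which response fields separate known from
    unknown identifiers? An empty set means no observable difference
    in status or body (timing and headers are not compared here)."""
    known = {handler(i) for i in known_ids}
    unknown = {handler(i) for i in unknown_ids}
    fields = set()
    if {s for s, _ in known} != {s for s, _ in unknown}:
        fields.add("status")
    if {b for _, b in known} != {b for _, b in unknown}:
        fields.add("body")
    return fields


KNOWN = ["alice", "ALICE@example.test"]          # constructed inputs
UNKNOWN = ["mallory", "nobody@example.test"]     # constructed inputs

if __name__ == "__main__":
    print("leaky:  ", differing_fields(lost_password_leaky, KNOWN, UNKNOWN))
    print("uniform:", differing_fields(lost_password_uniform, KNOWN, UNKNOWN))
```

The same check can be pointed at a real deployment you operate by swapping the handler for a function that submits the reset form and returns the status and message text.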

Details

CVE ID: CVE-2025-62512
Severity: Medium
CVSS Score: 5.3
Type: broken_authentication
Status: confirmed

CWE

  • CWE-204

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N