7.1

CVE-2025-62527

Taguette vulnerable to password reset link poisoning

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request a password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.
Data is provided by the National Vulnerability Database (NVD)
Taguette / Taguette Version <= 1.5.0
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.23% | 0.137
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
security-advisories@github.com | 7.1 | 2.8 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CWE-15 External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

https://github.com/remram44/taguette/security/advisories/GHSA-7rc8-5c8q-jr6j
Vendor Advisory
Issue Tracking
https://gitlab.com/remram44/taguette/-/issues/331
Vendor Advisory
Issue Tracking