CVE-2025-60954

8.3 HIGH
Published: October 24, 2025
Modified: October 28, 2025

Description

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

References to Advisories, Solutions, and Tools

https://gist.github.com/progprnv/feae2b76f2db0cb2ac6e14b1bf7d8646
Source: cve@mitre.org
Tags: Exploit, Third Party Advisory

https://github.com/microweber/microweber
Source: cve@mitre.org
Tags: Product

https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-60954
Source: cve@mitre.org
Tags: Exploit, Third Party Advisory

3 reference(s) from NVD

Quick Stats

CVSS v3 Score: 8.3 / 10.0
EPSS (Exploit Probability): 0.1% (19th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

microweber