CVE-2025-62512
MEDIUM 5.3
Description
Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at password.php?action=lost returns distinct messages for valid vs. invalid accounts, enabling user enumeration. As of time of publication, no known patches are available.
CVE details
CVSS v3.1 score: 5.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/24/2026
Last modified: 2/25/2026
Source: nvd
Honeypot sightings: 0
Affected products
piwigo:piwigo
Weaknesses (CWE)
CWE-204
References
https://github.com/Piwigo/Piwigo/security/advisories/GHSA-h4wx-7m83-xfxc (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.