← Voltar para CVEs
CVE-2025-9109
LOW3.7
Descricao
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.
Detalhes CVE
Pontuacao CVSS v3.13.7
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/18/2025
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
portabilis:i-diario
Fraquezas (CWE)
CWE-203CWE-204
Referencias
https://vuldb.com/?ctiid.320431(cna@vuldb.com)
https://vuldb.com/?id.320431(cna@vuldb.com)
https://vuldb.com/?submit.627926(cna@vuldb.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.