← back
CVE-2025-60954

CVE-2025-60954

CVSS 8.3 HIGHEPSS 0.4%CWE-521
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
24 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/progprnv/feae2b76f2db0cb2ac6e14b1bf7d8646https://github.com/microweber/microweberhttps://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-60954