Main Vulnerability Database SB2025062017

SB2025062017 - Improper Authentication in Allegra

Published: June 20, 2025

Security Bulletin ID SB2025062017

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2025-6216)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to reliance upon a predictable value when generating a password reset token. A remote attacker can bypass authentication on the target application.

Remediation

Install update from vendor's website.

References

https://www.zerodayinitiative.com/advisories/ZDI-25-410/
https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-4-and-release-7-5-2