Main Vulnerability Database Exploits ID:12123 - Exploit for Weak Password Recovery Mechanism for Forgotten Password in Piwigo - CVE-2025-62406

ID:12123 - Exploit for Weak Password Recovery Mechanism for Forgotten Password in Piwigo - CVE-2025-62406

Published: November 19, 2025

Vulnerability identifier: #VU118614

Vulnerability risk: Medium

CVE-ID: CVE-2025-62406

CWE-ID: CWE-640

Exploitation vector: Remote access

Vulnerable software:
Piwigo

Link to public exploit:

https://github.com/Piwigo/Piwigo/security/advisories/GHSA-9986-w7jf-33f6/#poc

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a weak password recovery mechanism for password change. A remote attacker can trick a victim to click a password-reset URL, steal the reset key and take over the account.

Remediation

Install updates from vendor's website.

ID:12123 - Exploit for Weak Password Recovery Mechanism for Forgotten Password in Piwigo - CVE-2025-62406

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human