#VU119819 Unverified Password Change in Ibexa DXP

 


Published: December 10, 2025


Vulnerability identifier: #VU119819
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-620
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Ibexa DXP
Software vendor: Ibexa

Description

The vulnerability allows an attacker to perform an unverified password change.

The vulnerability exists due to an error in the validation code that caused the validation of the previous password to fail. An attacker with access to the user's current session can change passwords in the back office without knowing the previous password.
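The following is an added example of the CWE-620 class, not Ibexa's code and not taken from the vendor's fix; the actual defect is not described in this advisory. It shows a password-change routine that fails closed, so that a valid session without a verified current password never results in a change. `UserStore`, `changePassword` and all sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed, hypothetical user store; not Ibexa's data model.
final class UserStore
{
    /** @var array<string,string> login => password hash */
    private array $hashes = [];

    public function set(string $login, string $plain): void
    {
        $this->hashes[$login] = password_hash($plain, PASSWORD_DEFAULT);
    }

    public function hashFor(string $login): ?string
    {
        return $this->hashes[$login] ?? null;
    }
}

/**
 * Change a password only after the current one has been verified.
 * Every path that cannot positively confirm the old password returns false.
 */
function changePassword(UserStore $store, string $sessionLogin, ?string $oldPlain, string $newPlain): bool
{
    $hash = $store->hashFor($sessionLogin);
    if ($hash === null || $oldPlain === null || $oldPlain === '') {
        return false; // missing input is a failure, never "nothing to validate"
    }
    if (!password_verify($oldPlain, $hash)) {
        return false; // a valid session alone is not proof of knowing the password
    }
    if ($newPlain === '' || password_verify($newPlain, $hash)) {
        return false; // reject an empty or unchanged password
    }
    $store->set($sessionLogin, $newPlain);
    return true;
}

// Constructed sample data.
$store = new UserStore();
$store->set('editor', 'old-Secret-1');

var_dump(changePassword($store, 'editor', null, 'other-Pick-2'));           // session only, no old password
var_dump(changePassword($store, 'editor', 'guess', 'other-Pick-2'));        // wrong old password
var_dump(changePassword($store, 'editor', 'old-Secret-1', 'new-Secret-3')); // legitimate change
```

The first two calls are the cases a regression test for this class of bug should cover: a request that omits the previous password and one that supplies the wrong one must both leave the stored hash untouched.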


Remediation

Install updates from the vendor's website.

External links