CVE-2025-1107
Published: 07 February 2025
Description
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
Security Summary
CVE-2025-1107 is an unverified password change vulnerability in Janto versions prior to r12. The issue resides in the endpoint '/public/cgi/Gateway.php', where an attacker can submit a specific POST request to change another user's password; the current password is neither verified nor needed. Published on 2025-02-07, it is linked to CWE-620 and carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L). The critical rating reflects that the flaw is reachable over the network, requires no privileges or user interaction, and affects confidentiality, integrity, and availability with changed scope.
Unauthenticated attackers can exploit this vulnerability remotely by crafting and sending the malicious POST request to the vulnerable endpoint. Attack complexity is low, and successful exploitation fully resets the password of any targeted user account, granting the attacker unauthorized access to that account and potentially broader system compromise, depending on the user's privileges.
The INCIBE-CERT advisory on multiple vulnerabilities in Janto, available at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto, provides further details on this issue among others affecting the software.
Details
- CWE(s)