CVE-2025-12547
Published: 31 October 2025
Description
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.
Security Summary
CVE-2025-12547 is a vulnerability in LogicalDOC Community Edition up to version 9.2.1, affecting unknown code in the /login.jsp file of the Admin Login Page component. It is an improper restriction of excessive authentication attempts (CWE-307, CWE-799): the login endpoint does not limit how many times a client may try to authenticate, which enables brute-force attacks against the login functionality. The issue carries a CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N), rated low severity because of its high attack complexity and its limited impact (low confidentiality only).
The vulnerability can be exploited remotely by unauthenticated attackers over the network, but the high attack complexity makes practical exploitation difficult. Successful exploitation allows limited disclosure of confidential information, most likely through repeated authentication attempts that are not subject to rate limiting, without any impact on integrity or availability. A public exploit is available, which increases the risk despite those obstacles.
Advisories from VulDB (CTI ID 330807) detail the issue, noting early vendor contact with no response, implying no official patch or mitigation guidance is available. References include an exploit gist at https://gist.github.com/thezeekhan/869aeb01bd981667c35dcac3e72c2bfa and VulDB entries at https://vuldb.com/?ctiid.330807, https://vuldb.com/?id.330807, and https://vuldb.com/?submit.677172.
The exploit is publicly available and might be used in targeted scenarios, though no real-world exploitation has been reported as of the CVE publication on 2025-10-31.
Details
- CWE(s): CWE-307 (Improper Restriction of Excessive Authentication Attempts), CWE-799 (Improper Control of Interaction Frequency)
Affected Products
- LogicalDOC Community Edition up to version 9.2.1
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability involves improper restriction of excessive authentication attempts, which directly enables brute-force attacks (T1110) against the admin login.
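The control whose absence CWE-307 and CWE-799 describe is a per-account and per-source limit on failed authentication attempts, checked before the password is verified. The following is an added illustration of that control written for this page; it is not LogicalDOC's code and does not reproduce the behaviour of /login.jsp. Everything in it is constructed: the user store, the IP addresses, the clock values and the thresholds (5 failures in a 300-second window, 900-second lockout) are example choices, not values taken from the advisory.

```python
"""Sliding-window failure counting with lockout for a login endpoint.

Added example (not LogicalDOC's code): shows the control that CWE-307 /
CWE-799 say is missing. All thresholds, users and addresses are constructed.
"""
import hashlib
import hmac
import os
from collections import deque


class LoginThrottle:
    """Counts failed logins per account and per source IP over a sliding
    window and locks a key out once the threshold is reached."""

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self._failures = {}      # key -> deque of failure timestamps (unix seconds)
        self._locked_until = {}  # key -> unix time at which the lockout ends

    @staticmethod
    def _keys(username, ip):
        # Two dimensions: one source hitting many accounts (ip key) and many
        # sources hitting one account (user key) must both trip the limit.
        return (f"user:{username.lower()}", f"ip:{ip}")

    def is_locked(self, username, ip, now):
        return any(self._locked_until.get(k, 0) > now for k in self._keys(username, ip))

    def record_failure(self, username, ip, now):
        for key in self._keys(username, ip):
            stamps = self._failures.setdefault(key, deque())
            stamps.append(now)
            # Discard failures that have fallen out of the window.
            while stamps and stamps[0] <= now - self.window_seconds:
                stamps.popleft()
            if len(stamps) >= self.max_failures:
                self._locked_until[key] = now + self.lockout_seconds
                stamps.clear()

    def record_success(self, username, ip, now):
        # A correct password clears the account counter only; one valid login
        # from an address does not make that address trustworthy.
        self._failures.pop(f"user:{username.lower()}", None)


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_store(users):
    """Constructed credential store: username -> (salt, pbkdf2 hash)."""
    return {name.lower(): (salt, _hash_password(pw, salt))
            for name, pw in users.items() for salt in (os.urandom(16),)}


# Dummy credential used for unknown usernames so that a missing account costs
# the same hash computation as a real one (no timing-based user enumeration).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("unused", _DUMMY_SALT)


def attempt_login(throttle, store, username, password, ip, now):
    """Return 'locked', 'ok' or 'failed'. The lockout is checked before any
    password work, and unknown users are counted like wrong passwords."""
    if throttle.is_locked(username, ip, now):
        return "locked"
    known = username.lower() in store
    salt, expected = store.get(username.lower(), (_DUMMY_SALT, _DUMMY_HASH))
    match = hmac.compare_digest(_hash_password(password, salt), expected)
    if match and known:
        throttle.record_success(username, ip, now)
        return "ok"
    throttle.record_failure(username, ip, now)
    return "failed"


def simulate():
    """Constructed scenario: five wrong guesses for 'admin' from one address,
    then the correct password while locked, then again after the lockout."""
    store = make_store({"admin": "correct horse battery staple"})
    throttle = LoginThrottle(max_failures=5, window_seconds=300, lockout_seconds=900)
    ip, t = "198.51.100.7", 1_700_000_000  # constructed address and clock
    results = [attempt_login(throttle, store, "admin", f"guess{i}", ip, t + i) for i in range(5)]
    results.append(attempt_login(throttle, store, "admin", "correct horse battery staple", ip, t + 5))
    results.append(attempt_login(throttle, store, "admin", "correct horse battery staple", ip, t + 905))
    return results


if __name__ == "__main__":
    print(simulate())
```

Two design points matter for the weakness on this page: the lockout test runs before the password is hashed, so a locked client learns nothing and costs the server nothing, and failures are counted on both the account and the source address, so neither spreading guesses across accounts nor across addresses escapes the limit. Returning the same "failed" result for unknown users and wrong passwords keeps the endpoint from doubling as a username oracle.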