CVE-2025-15398 | Uasoft badaso up to 2.9.7 Token BadasoAuthController.php forgetPassword password recovery

Inserito da Angelo Barbosa | Dic 31, 2025 | CVE

A vulnerability classified as problematic was found in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery.

This vulnerability is documented as CVE-2025-15398. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15398 | Uasoft badaso up to 2.9.7 Token BadasoAuthController.php forgetPassword password recovery

Post correlati

CVE-2023-7018 | huggingface transformers up to 4.35 deserialization

CVE-2024-0459 | Blood Bank & Donor Management 5.6 request-received-bydonar.php sql injection

CVE-2023-51555 | Foxit PDF Reader Doc out-of-bounds (ZDI-23-1868)

CVE-2025-32873 | Django up to 4.2.20/5.1.8/5.2.0 django.utils.html.strip_tags denial of service