CVE-2025-15398 | Uasoft badaso up to 2.9.7 Token BadasoAuthController.php forgetPassword password recovery

Inserito da Angelo Barbosa | Dic 31, 2025 | CVE

A vulnerability classified as problematic was found in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery.

This vulnerability is documented as CVE-2025-15398. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15398 | Uasoft badaso up to 2.9.7 Token BadasoAuthController.php forgetPassword password recovery

Post correlati

CVE-2024-27873 | Apple iOS/iPadOS Video out-of-bounds write

CVE-2025-7327 | Widget for Google Reviews Plugin up to 1.0.15 on WordPress path traversal

CVE-2024-2117 | Elementor Website Builder Plugin up to 3.20.2 on WordPress Path Widget cross site scripting

CVE-2024-41285 | FAST FW300R 1.3.13 File Path stack-based overflow