{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T18:28:02.696","vulnerabilities":[{"cve":{"id":"CVE-2025-8119","sourceIdentifier":"cvd@cert.pl","published":"2025-09-30T11:37:44.167","lastModified":"2025-11-26T14:40:55.727","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cvd@cert.pl","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send a POST request changing currently logged user's password to defined by the attacker value. This issue affects all 3 templates: www, bip and www+bip.\n\nThis product is End-Of-Life and producent will not publish patches for this vulnerability."},{"lang":"es","value":"PAD CMS es vulnerable a falsificación de petición en sitios cruzados en la funcionalidad de restablecimiento de contraseña. Un atacante malicioso puede crear un sitio web especial que, al ser visitado por la víctima, enviará automáticamente una petición POST cambiando la contraseña del usuario actualmente autenticado al valor definido por el atacante. Este problema afecta a las 3 plantillas: www, bip y www+bip.\n\nEste producto está al final de su vida útil y el productor no publicará parches para esta vulnerabilidad."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:widzialni:pad_cms:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.1","matchCriteriaId":"F470DB7E-6AE8-4B22-9D20-38CC7D199023"}]}]}],"references":[{"url":"https://cert.pl/posts/2025/09/CVE-2025-7063","source":"cvd@cert.pl","tags":["Third Party Advisory"]}]}}]}