CVE-2025-52392

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://beafn28.gitbook.io/beafn28/cve/brute-force-login-vulnerability-in-soosyze-cms-2.0-cve-2025-52392
https://github.com/soosyze/soosyze/issues/269
https://www.exploit-db.com/exploits/52416

Configurations

No configuration.

History

19 Aug 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) Soosyze CMS 2.0 permite ataques de inicio de sesión por fuerza bruta a través del endpoint /user/login debido a la falta de mecanismos de limitación de velocidad y bloqueo. Un atacante puede intentar iniciar sesión repetidamente sin restricciones, lo que podría permitirle obtener acceso administrativo no autorizado. Esta vulnerabilidad corresponde a CWE-307: Restricción incorrecta de intentos excesivos de autenticación.
References		() https://www.exploit-db.com/exploits/52416 -

13 Aug 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-307
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4

13 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 14:15

Updated : 2025-08-19 16:15

NVD link : CVE-2025-52392

Mitre link : CVE-2025-52392

CVE.ORG link : CVE-2025-52392

JSON object : View

Products Affected

No product.

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

5.4 /10