Improper Authentication Handling in LogicalDOC Community Edition Admin Login Page
CVE-2025-12547

6.3MEDIUM

Key Information:

Vendor: Logicaldoc
Status: Community Edition
Vendor: CVE Published:; 31 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-12547?

A security flaw has been detected in the LogicalDOC Community Edition affecting the admin login page. Specifically, the file /login.jsp is vulnerable to manipulation, allowing for improper restriction on excessive authentication attempts. This could enable attackers to attempt unauthorized access through remote execution, although the complexity of the attack is high. Despite the public availability of the exploit, the vendor did not respond to early disclosures about this issue.

Affected Version(s)

Community Edition 9.2.0

Community Edition 9.2.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-12547 - Proof of Concept

References

https://vuldb.com/?id.330807

vdb-entry

https://vuldb.com/?ctiid.330807

signaturepermissions-required

https://vuldb.com/?submit.677172

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 31, 2025
👾
Exploit known to exist
Oct 31, 2025
Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

Zeeshan Khan (VulDB User)

JSON

Logicaldoc

Badges

What is CVE-2025-12547?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit