User Enumeration Vulnerability in MeetMe Authentication Service
CVE-2025-2910

6.9MEDIUM

Key Information:

Vendor: Fermax
Status: Meetme
Vendor: CVE Published:; 28 March 2025

What is CVE-2025-2910?

The MeetMe authentication service has a user enumeration vulnerability in its password reset module, enabling attackers to discover registered email addresses. By leveraging specific error messages generated during the password reset process, an attacker can ascertain whether a given email address is associated with a registered account. This can potentially lead to further exploitation, making it essential for users and administrators to address this issue by updating the service to the latest version.

Affected Version(s)

MeetMe 0 < 2024-09

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 28, 2025

Credit

Fermax cybersecurity team

CVE-2025-2910 Data

JSON