User Enumeration Vulnerability in Silverpeas by Silverpeas
CVE-2025-46047

6.5MEDIUM

Key Information:

Vendor: Silverpeas
Status: Silverpeas
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-46047?

A user enumeration vulnerability exists within the /CredentialsServlet/ForgotPassword endpoint of Silverpeas versions 6.4.1 and 6.4.2. This flaw allows remote attackers to exploit the Login parameter to ascertain valid usernames, potentially facilitating unauthorized access and other malicious activities. To mitigate this risk, it is crucial to implement security best practices to protect user data and enhance overall application security.

References

https://github.com/Silverpeas/Silverpeas-Core/pull/1399

https://github.com/J0ey17/Silverpeas-Username-Enumeration...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Apr 22, 2025