Weak Password Reset Mechanism in Pivot Client Application by Maxhub
CVE-2025-53704

8.7HIGH

Key Information:

Vendor: Maxhub
Status: Pivot Client Application
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-53704?

The Pivot client application from Maxhub features a flawed password reset mechanism, which may allow unauthorized individuals to gain access to user accounts. This vulnerability can lead to account takeovers, putting sensitive user data at risk. Organizations using this application should assess their security measures and implement necessary safeguards to protect against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Pivot client application 0 < 1.36.2

Pivot client application 1.36.2

References

https://www.maxhub.com/en/support/

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Jul 30, 2025

Credit

Malik MAKKES of Abicom Groupe OCI reported this vulnerability to MAXHUB.

JSON

Maxhub

What is CVE-2025-53704?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.