Weak Password Security in Microweber CMS 2.0 by Microweber
CVE-2025-60954

8.3 HIGH

Key Information:

Vendor: Microweber
CVE Published: 24 October 2025

What is CVE-2025-60954?

Microweber CMS 2.0 has a significant weakness in how it enforces password policy. During a password reset, the system does not enforce adequate password length or complexity, so users can set overly simple passwords, including ones as short as a single character. This lack of a stringent password policy poses a serious risk of account compromise and leaves both user and administrative accounts vulnerable to unauthorized access. Users of Microweber CMS 2.0 should adopt stronger password practices to improve their security.
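
The check that is missing on the reset path can be sketched as one server-side policy gate that runs before the new hash is stored. This is an added example, not Microweber code: every function name is hypothetical, the 12-character minimum, three-class rule and deny-list are assumed policy values, and PHP with the mbstring extension is assumed.

```php
<?php
declare(strict_types=1);

const MIN_LENGTH = 12; // assumed policy value, not taken from the advisory
const COMMON_PASSWORDS = ['password1234', 'qwertyuiopas']; // constructed sample deny-list

/** Returns the list of policy violations; an empty list means acceptable. */
function passwordPolicyErrors(string $password, string $username): array
{
    $errors = [];
    // Count code points, not bytes, so multi-byte characters are not over-counted.
    if (mb_strlen($password, 'UTF-8') < MIN_LENGTH) {
        $errors[] = 'shorter than ' . MIN_LENGTH . ' characters';
    }
    // Character classes: lowercase, uppercase, digit, anything else.
    $classes = 0;
    foreach (['/\p{Ll}/u', '/\p{Lu}/u', '/\p{Nd}/u', '/[^\p{L}\p{Nd}]/u'] as $pattern) {
        $classes += (int) preg_match($pattern, $password);
    }
    if ($classes < 3) {
        $errors[] = 'fewer than three character classes';
    }
    if (in_array(mb_strtolower($password, 'UTF-8'), COMMON_PASSWORDS, true)) {
        $errors[] = 'on the common-password deny-list';
    }
    if ($username !== '' && mb_stripos($password, $username, 0, 'UTF-8') !== false) {
        $errors[] = 'contains the username';
    }
    return $errors;
}

/** Weak reset check, the behaviour the advisory describes: any non-empty value passes. */
function resetCheckWeak(string $new): bool
{
    return $new !== '';
}

/** Hardened reset (hypothetical handler): hash only after the policy gate passes. */
function resetPasswordHardened(string $new, string $username): array
{
    $errors = passwordPolicyErrors($new, $username);
    $hash = $errors === [] ? password_hash($new, PASSWORD_DEFAULT) : null;
    return ['ok' => $errors === [], 'errors' => $errors, 'hash' => $hash];
}

foreach (['a', 'Summer2025', 'correct-Horse-7-battery'] as $candidate) { // constructed inputs
    $result = resetPasswordHardened($candidate, 'admin');
    printf("%-24s weak=%-6s hardened=%-6s %s\n", $candidate,
        resetCheckWeak($candidate) ? 'accept' : 'reject',
        $result['ok'] ? 'accept' : 'reject', implode('; ', $result['errors']));
}
```

The gate has to run on the server for every path that sets a password, since a form-only check is bypassed by posting to the reset endpoint directly.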

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved