Password Recovery Vulnerability in PAD CMS by PAD Technologies
CVE-2025-8117

8.7 HIGH

Key Information:

Status
Vendor
CVE Published: 30 September 2025

What is CVE-2025-8117?

PAD CMS contains a security issue in which the parameter used for password recovery is not properly initialized. This flaw allows unauthorized users to change the password of any account that has not used the reset password functionality. The issue affects all variants of PAD CMS templates: www, bip, and www+bip. Because PAD CMS has reached End-Of-Life, no patches or fixes will be provided for this critical security vulnerability, which increases the risk of exploitation.

Affected Version(s)

PAD CMS: versions from 0 up to and including 1.2.1

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mateusz Jurczak (CERT.PL)