CVE-2025-1107 · CRITICAL 9.9 · EPSS percentile 29.9%


Description

Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
EPSS: 0.38% probability of exploitation · percentile 29.9% · 2026-06-19T12:03:05Z
Published: 2025-02-07
Last modified: 2026-04-15

Underlying weaknesses (1)

CWE-620

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto


Type: Weakness · Target: Unverified Password Change (CWE-620) · Confidence: 0% · Tier: live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-1108
  2. CVE: CVE-2025-11007
  3. CVE: CVE-2025-40728
  4. CVE: CVE-2025-28232
  5. CVE: CVE-2025-14975
  6. CVE: October CMS Improper Authentication
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.