CVE-2025-1108 · HIGH 8.6 · EPSS p9.2%

Description

Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
EPSS: 0.19% probability of exploitation · percentile 9.2% · 2026-06-19T12:03:05Z
Published: 2025-02-07
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-345

References

  1. https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto

Type | Target | Confidence | Tier
Weakness | Insufficient Verification of Data Authenticity (cwe-345) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-1107
CVE: CVE-2026-39110
CVE: CVE-2025-40886
CVE: CVE-2025-22800
CVE: CVE-2026-1670
CVE: October CMS Improper Authentication
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.