CVE-2025-60954HIGH 8.3EPSS p28.9%

CVE-2025-60954CVE-2025-60954

Description

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

Scoring

CVSS 3.18.3 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
EPSS0.37% probability of exploitation · percentile 28.9% · 2026-06-18T12:00:27Z
Published2025-10-24
Last modified2025-10-28

Underlying weaknesses· 1

CWE-521

References

  1. https://gist.github.com/progprnv/feae2b76f2db0cb2ac6e14b1bf7d8646
  2. https://github.com/microweber/microweber
  3. https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-60954

1

TypeTargetConfidenceTier
WeaknessWeak Password Requirementscwe-5210%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-15030
CVE
CVE-2025-14975
CVE
CVE-2025-1341
CVE
CVE-2025-51543
CVE
CVE-2025-13565
CVE
CVE-2025-13560
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.