CVE-2025-70833 · CRITICAL 9.4 · EPSS p31.4%

Description

An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the administrator) and fully take over the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php.

Scoring

CVSS 3.1: 9.4 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.40% probability of exploitation · percentile 31.4% · 2026-06-19T12:03:05Z
Published: 2026-02-20
Last modified: 2026-02-26

Underlying weaknesses · 2

CWE-287, CWE-639

References

  1. https://github.com/LX-66-LX/cve/issues/4

Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 0% | live
Weakness | Authorization Bypass Through User-Controlled Key (cwe-639) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-70831
CVE: CVE-2025-70810
CVE: CVE-2026-25471
CVE: CVE-2025-57119
CVE: CVE-2025-2253
CVE: October CMS Improper Authentication

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.