Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2025-01-13T19:49:03.887Z

Last Modified :

2025-01-13T20:21:06.877Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-22144 vulnerability.

Vendors Products
Namelessmc
  • Nameless
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-22144.

URL Resource
https://github.com/NamelessMC/Nameless/releases/tag/v2.1.3 cve-icon cve-icon
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-p883-7496-x35p cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact