Description

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the downstream users.

INFO

Published Date :

2025-11-25T00:00:00.000Z

Last Modified :

2025-11-25T21:37:29.528Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-51741 vulnerability.

Vendors Products
Echo Project
  • Echo
Interviewx
  • Echo
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-51741.

URL Resource
http://echo.com cve-icon cve-icon
https://gist.github.com/Paxsizy/9d92e8746778cf0926705d89b4f3618c cve-icon cve-icon
https://github.com/Veal98/Echo cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact