Description

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.

INFO

Published Date :

2026-01-12T00:00:00.000Z

Last Modified :

2026-01-12T18:40:07.736Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63314 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63314.

URL Resource
http://acora.com cve-icon cve-icon
http://ddsn.com cve-icon cve-icon
https://github.com/padayali-JD/CVE-2025-63314 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System