Description

WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.

INFO

Published Date :

2025-12-09T03:31:17.723Z

Last Modified :

2025-12-09T15:10:35.359Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-67504 vulnerability.

Vendors Products
Wbce
  • Wbce Cms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67504.

URL Resource
https://cwe.mitre.org/data/definitions/338.html cve-icon cve-icon
https://github.com/WBCE/WBCE_CMS/commit/5d59fe021a5c6e469b1bf192b72ca652e54278f6 cve-icon cve-icon
https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.5 cve-icon cve-icon
https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-76gj-pmvx-jcc6 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact