Home > Vulnerability Database > CVE-2025-24980

Mend.io Vulnerability Database

CVE-2025-24980

Date: February 7, 2025

pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

5.3

Related Resources (6)

Url: https://github.com/pimcore/admin-ui-classic-bundle/pull/808

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24980

Url: https://github.com/pimcore/admin-ui-classic-bundle

Url: https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24

Url: https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9

Url: https://www.mend.io/vulnerability-database/CVE-2025-24980

Severity Score

5.3

Weakness Type (CWE)

Observable Response Discrepancy

CWE-204

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24980

Date: February 7, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?