Home > Vulnerability Database > CVE-2025-51586

Mend.io Vulnerability Database

CVE-2025-51586

Good to know:

Date: September 7, 2025

An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.

Severity Score

6.5

Related Resources (11)

Url: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-51586

Url: https://github.com/PrestaShop/PrestaShop

Url: https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release

Url: https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb

Url: https://prestashop.com/

Url: https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3

Url: https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md

Url: https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1

Url: https://prestashop.com

Url: https://www.mend.io/vulnerability-database/CVE-2025-51586

Severity Score

6.5

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Exposure of Private Personal Information to an Unauthorized Actor

CWE-359

Top Fix

Upgrade Version

Upgrade to version https://github.com/PrestaShop/PrestaShop.git - 8.2.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-51586

Good to know:

Date: September 7, 2025

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?