Home > Vulnerability Database > CVE-2025-60954

Mend.io Vulnerability Database

CVE-2025-60954

Good to know:

Date: October 23, 2025

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

Severity Score

8.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-60954

Url: https://github.com/microweber/microweber

Url: https://github.com/progprnv/CVE-Reports/blob/main/CVE-2025-60954

Url: https://gist.github.com/progprnv/feae2b76f2db0cb2ac6e14b1bf7d8646

Url: https://www.mend.io/vulnerability-database/CVE-2025-60954

Severity Score

8.3

Weakness Type (CWE)

Weak Password Requirements

CWE-521

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-60954

Good to know:

Date: October 23, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?