Pimcore · Pimcore Admin Classic Bundle · CVE-2025-24980
**Name of the Vulnerable Software and Affected Versions**
pimcore/admin-ui-classic-bundle versions prior to 1.7.4
**Description**
An error message in the "Forgot password" function discloses which accounts exist, leading to user enumeration on the target. This allows attackers to identify valid usernames, potentially facilitating further attacks.
**Recommendations**
For versions prior to 1.7.4, upgrade to version 1.7.4 to address the issue. As a temporary workaround, consider restricting access to the "Forgot password" function until the upgrade is applied.
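
The response difference described above, next to a handler that answers identically for known and unknown accounts, with a check that can serve as a regression test. This is an added example, not Pimcore's code or its patch; the account store, function names, messages and status codes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample account store; usernames and addresses are placeholders.
USERS = {"admin": "admin@example.test", "editor": "editor@example.test"}

# Hypothetical wording; the point is that it never varies.
GENERIC_MESSAGE = "If the account exists, a reset link has been sent."


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def send_reset_mail(address: str, outbox: list) -> None:
    """Stand-in for a mailer: records the recipient instead of sending."""
    outbox.append(address)


def forgot_password_leaky(username: str, outbox: list) -> Response:
    """Pattern the advisory describes: the error reveals account existence."""
    if username not in USERS:
        return Response(404, f"User '{username}' does not exist.")
    send_reset_mail(USERS[username], outbox)
    return Response(200, "A reset link has been sent.")


def forgot_password_uniform(username: str, outbox: list) -> Response:
    """Hardened form: same status and body whether or not the account exists."""
    address = USERS.get(username)
    if address is not None:
        send_reset_mail(address, outbox)
    return Response(200, GENERIC_MESSAGE)


def responses_differ(handler, known: str, unknown: str) -> bool:
    """Regression check: True if the answer depends on account existence."""
    return handler(known, []) != handler(unknown, [])
```

Identical status and body do not cover response timing; sending the mail from a queue rather than inline keeps the two paths comparable in duration as well.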