PT-2025-26675 · Apache · Apache
Joel Chang Zhi Kai
·
Published
2025-06-23
·
Updated
2025-06-24
·
CVE-2025-48461
CVSS v3.1
5.0
Medium
| Vector | AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
Apache (affected versions not specified)
Description:
The issue allows an unauthenticated attacker to conduct brute force guessing and account takeover due to predictable session cookies. This could potentially allow attackers to gain root, admin, or user access and reset passwords.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Restriction of Excessive Authentication Attempts
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache