CVE-2025-52392

Name of the Vulnerable Software and Affected Versions: Soosyze CMS version 2.0

Description: Soosyze CMS version 2.0 is susceptible to brute-force login attacks via the /user/login endpoint. The absence of rate-limiting and lockout mechanisms allows attackers to repeatedly submit login attempts, potentially gaining unauthorized administrative access. This issue corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.

Recommendations: Implement rate-limiting on the /user/login endpoint to restrict the number of login attempts within a specific timeframe. Implement account lockout mechanisms to temporarily disable accounts after a certain number of failed login attempts.