CVE-2025-8117

Name of the Vulnerable Software and Affected Versions PAD CMS (affected versions not specified)

Description The software improperly initializes a parameter used during the password recovery process. This allows an attacker to change the password for any user who has not utilized the password reset functionality. The issue impacts all three templates: www, bip, and www+bip. The product is End-Of-Life and the producer will not release patches for this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.