CVE-2025-8118

Name of the Vulnerable Software and Affected Versions PAD CMS (affected versions not specified)

Description The software utilizes weak client-side brute-force protection relying on cookies, specifically login count and login timeout. The attempt count and timeout information are not stored server-side, allowing attackers to bypass the protection by resetting these cookies. This affects all three templates: www, bip, and www+bip. The product is End-Of-Life and will not receive patches for this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.