PT-2025-39968 · Pad Cms · Pad Cms

Cert.Pl · Published 2025-09-30 · Updated 2025-09-30 · CVE-2025-8119

CVSS v4.0: 5.1 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: PAD CMS (affected versions not specified)

Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue within the password reset functionality. A malicious actor could create a specially crafted website that, when visited by a victim, automatically submits a POST request to alter the currently logged-in user's password to a value determined by the attacker. This affects all three templates: www, bip, and www+bip. The product is End-Of-Life and the producer will not release patches for this issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-8119

Affected Products

Pad Cms