PT-2025-42361 · Creativeitem · Creativeitem Academy Lms

Published

2025-10-15

Updated

2025-10-15

CVE-2025-56748

CVSS v3.1

6.4

Medium

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions Creativeitem Academy LMS versions up to and including 5.13

Description The software uses predictable password reset tokens based on Base64 encoded templates and lacks rate limiting. This allows attackers to conduct brute force attacks to guess valid reset tokens and potentially compromise user accounts.

Recommendations Apply a fix that generates unpredictable password reset tokens. Implement rate limiting for password reset requests.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2025-56748

Affected Products

Creativeitem Academy Lms

PT-2025-42361 · Creativeitem · Creativeitem Academy Lms

CVE-2025-56748

Weakness Enumeration

Related Identifiers

Affected Products

References · 7