PT-2025-42805 · Taguette · Taguette

Published: 2025-10-20 · Updated: 2025-10-22 · CVE-2025-62527

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Taguette versions prior to 1.5.0

Description

An issue exists that allows an attacker to request a password reset email containing a malicious link. If a victim clicks the link, the attacker can set the email address. The affected API endpoint is the password reset functionality. The vulnerable parameter is the email address used in the password reset request.

Recommendations

Upgrade to Taguette version 1.5.0.

Related Identifiers

CVE-2025-62527
GHSA-7RC8-5C8Q-JR6J
PYSEC-2025-187

Affected Products

Taguette