PT-2025-4486 · Optimizely · Episerver.Cms.Core

Published: 2025-01-04 · Updated: 2025-01-06 · CVE-2025-22390

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Optimizely EPiServer.CMS.Core versions prior to 12.32.0

Description

A medium-severity issue exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.

Recommendations

For versions prior to 12.32.0, update to version 12.32.0 or later to resolve the issue. As a temporary workaround, consider enforcing stronger password policies to minimize the risk of exploitation. Restrict access to password settings to minimize the risk of weak passwords being set. Avoid using weak passwords until the issue is resolved.
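
One way to apply the temporary password-policy workaround, as an added example that is not Optimizely's code. It assumes the site manages CMS users through ASP.NET Core Identity; the helper and validator names, the numeric thresholds and the blocklist entries are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

public static class PasswordPolicyWorkaround
{
    // Hypothetical helper: call it in ConfigureServices after the Identity
    // registration so these values override the defaults.
    public static IServiceCollection AddStrongerPasswordPolicy<TUser>(
        this IServiceCollection services) where TUser : class
    {
        services.Configure<IdentityOptions>(options =>
        {
            // Replaces the 6-character minimum described in the advisory.
            options.Password.RequiredLength = 12;      // constructed value
            options.Password.RequiredUniqueChars = 5;  // constructed value
            options.Password.RequireDigit = true;
            options.Password.RequireLowercase = true;
            options.Password.RequireUppercase = true;
            options.Password.RequireNonAlphanumeric = true;
        });
        // Registered validators run in addition to the built-in one.
        services.AddScoped<IPasswordValidator<TUser>, BlocklistPasswordValidator<TUser>>();
        return services;
    }
}

// Rejects passwords that satisfy the character rules but are common spraying guesses.
public sealed class BlocklistPasswordValidator<TUser> : IPasswordValidator<TUser>
    where TUser : class
{
    // Constructed sample entries; load a maintained list in practice.
    private static readonly HashSet<string> Blocked =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "Password123!", "Welcome2025!", "Summer2025!!" };

    public Task<IdentityResult> ValidateAsync(
        UserManager<TUser> manager, TUser user, string password)
    {
        if (string.IsNullOrEmpty(password) || Blocked.Contains(password))
            return Task.FromResult(IdentityResult.Failed(new IdentityError
            {
                Code = "PasswordBlocklisted",
                Description = "This password is too common. Choose a different one."
            }));
        return Task.FromResult(IdentityResult.Success);
    }
}
```

The policy is checked when a password is set or changed, so passwords chosen under the old minimum remain valid until they are reset.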

Related Identifiers

CVE-2025-22390

Affected Products

Episerver.Cms.Core