PT-2025-45591 · Hundred Plus · Hundred Plus Eip Plus

Published: 2025-11-10 · Updated: 2025-11-15 · CVE-2025-12866

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Hundred Plus EIP Plus (affected versions not specified)

Description: The software contains a Weak Password Recovery Mechanism, allowing unauthenticated remote attackers to predict or brute-force the 'forgot password' link or token. Successful exploitation enables attackers to reset any user's password, resulting in full account takeover. The vulnerability affects all versions of the software.

Recommendations: Disable the password recovery feature immediately. Enable multi-factor authentication (MFA).

Related Identifiers: CVE-2025-12866

Affected Products: Hundred Plus Eip Plus