PT-2025-48087 · Unknown · Veal98 Echo

Published 2025-11-25 · Updated 2025-12-30

CVE-2025-51741

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Veal98 Echo Open-Source Community System versions 2.2 through 2.3

Description

An unauthenticated attacker can cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint. This could lead to a denial of service for the server or the users receiving the messages. The vulnerable parameter is not specified.

Recommendations

Versions 2.2 through 2.3 should be updated to a fixed version when available. As a temporary workaround, restrict access to the /sendEmailCodeForResetPwd endpoint.
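
Until a fixed version is available, access logs can show whether the endpoint is being driven in bursts. The following is an added example, not code from the advisory or from the Echo project: it counts requests to /sendEmailCodeForResetPwd per source in a sliding window. The log format (common/combined), the 60-second window, the threshold of 5, and all sample lines are assumptions constructed for illustration; lines are assumed to be in chronological order per source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENDPOINT = "/sendEmailCodeForResetPwd"  # path named in the advisory
WINDOW = timedelta(seconds=60)          # assumed window, tune per deployment
THRESHOLD = 5                           # assumed per-source ceiling within WINDOW

# Common/combined access-log prefix: source, timestamp, request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*"')

# Constructed sample lines (documentation addresses, invented sizes and methods).
SAMPLE_LOG = [
    f'203.0.113.7 - - [25/Nov/2025:10:00:{s:02d} +0000] '
    f'"POST {ENDPOINT} HTTP/1.1" 200 17'
    for s in range(0, 40, 5)
] + [
    f'198.51.100.4 - - [25/Nov/2025:10:00:03 +0000] "POST {ENDPOINT} HTTP/1.1" 200 17',
    f'198.51.100.4 - - [25/Nov/2025:10:05:41 +0000] "POST {ENDPOINT}?x=1 HTTP/1.1" 200 17',
    '203.0.113.7 - - [25/Nov/2025:10:00:50 +0000] "GET /index HTTP/1.1" 200 5120',
    'truncated line without a request field',
]

def parse(line):
    """Return (source, timestamp, path) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, m.group(3).split("?", 1)[0]  # drop the query string

def find_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each source to its peak request count to ENDPOINT inside one window,
    for sources whose count exceeded the threshold."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != ENDPOINT:
            continue
        src, ts, _ = rec
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # expire entries older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

Sources behind a shared proxy or NAT will aggregate under one address, so a flagged source is a lead for review rather than a verdict.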

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2025-51741

Affected Products

Veal98 Echo