PT-2025-50566 · Ibexa · Ibexa

Published: 2025-12-11 · Updated: 2025-12-12 · CVE-2025-67719

CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Ibexa versions 5.0.0-beta1 through 5.0.3

Description: Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 lack proper password validation during password changes. An error introduced during the transition from version 4 to version 5 prevents the previous-password validation from running as expected. This allows a logged-in user to change their password without knowing the previous password. An attacker could exploit this by accessing an unattended session and changing the password, effectively locking the legitimate user out of their account.

Recommendations: Upgrade to version 5.0.4.

Related Identifiers

CVE-2025-67719
GHSA-X93P-W2CH-FG67

Affected Products

Ibexa