CVE-2025-1108

Name of the Vulnerable Software and Affected Versions Janto versions prior to r12

Description The issue concerns an insufficient data authenticity verification vulnerability. This vulnerability allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the issue, the attacker must create a POST request by injecting malicious content into the Xml parameter on the "/public/cgi/Gateway.php" endpoint.

Recommendations For versions prior to r12, as a temporary workaround, consider restricting access to the "/public/cgi/Gateway.php" endpoint to minimize the risk of exploitation. Avoid using the Xml parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.