Home

Description

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.

PUBLISHED Reserved 2025-04-22 | Published 2025-09-02 | Updated 2025-09-02 | Assigner mitre

References

github.com/Silverpeas/Silverpeas-Core/pull/1399

github.com/J0ey17/Silverpeas-Username-Enumeration-PoC

cve.org (CVE-2025-46047)

nvd.nist.gov (CVE-2025-46047)

Download JSON