Home

Description

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-13 | Updated 2025-08-19 | Assigner mitre

References

github.com/soosyze/soosyze/issues/269

beafn28.gitbook.io/...lity-in-soosyze-cms-2.0-cve-2025-52392

www.exploit-db.com/exploits/52416

cve.org (CVE-2025-52392)

nvd.nist.gov (CVE-2025-52392)

Download JSON