CVE-2025-62527 | THREATINT

Description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

PUBLISHED Reserved 2025-10-15 | Published 2025-10-20 | Updated 2025-10-20 | Assigner GitHub_M

HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Problem types

CWE-15: External Control of System or Configuration Setting

Product status

< 1.5.0

affected

References

github.com/...guette/security/advisories/GHSA-7rc8-5c8q-jr6j

gitlab.com/remram44/taguette/-/issues/331

cve.org (CVE-2025-62527)

nvd.nist.gov (CVE-2025-62527)

Download JSON