CVE-2025-63807 | THREATINT

Description

An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-20 | Updated 2025-11-21 | Assigner mitre

References

gist.github.com/...rl-Furry/3e93c6f0d48a29518adf341e0fc7e2dd

cve.org (CVE-2025-63807)

nvd.nist.gov (CVE-2025-63807)

Download JSON