CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-46047

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.2%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/J0ey17/Silverpeas-Username-Enumeration-PoC
https://github.com/Silverpeas/Silverpeas-Core/pull/1399

Products affected by CVE-2025-46047

Silverpeas » Silverpeas » Version: 6.4.1

cpe:2.3:a:silverpeas:silverpeas:6.4.1
Silverpeas » Silverpeas » Version: 6.4.2

cpe:2.3:a:silverpeas:silverpeas:6.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-46047

Products

Pricing

Contact Us