Vulnerability Details CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.4%
CVSS Severity
CVSS v3 Score 8.3
References
Products affected by CVE-2025-60954
-
cpe:2.3:a:microweber:microweber:2.0.0