Vulnerability Details CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.6%
CVSS Severity
CVSS v3 Score 10.0
Products affected by CVE-2025-63314
-
cpe:2.3:a:ddsn:cm3_acora_cms:10.7.1