Vulnerability Description
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://beafn28.gitbook.io/beafn28/cve/brute-force-login-vulnerability-in-soosyz
- https://github.com/soosyze/soosyze/issues/269
- https://www.exploit-db.com/exploits/52416
FAQ
What is CVE-2025-52392?
CVE-2025-52392 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions...
How severe is CVE-2025-52392?
CVE-2025-52392 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52392?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.