CVE-2025-59943 — HIGH (8.1)

Vulnerability Description

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Phpmyfaq	Phpmyfaq	4.0.7

Related Weaknesses (CWE)

CWE-286 CWE-284

References

https://github.com/thorsten/phpMyFAQ/commit/44cd20f86eb041f39d1c30a9beefad1cc61dPatch
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9wj2-4hcm-r74jExploitVendor Advisory
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9wj2-4hcm-r74jExploitVendor Advisory

FAQ

What is CVE-2025-59943?

CVE-2025-59943 is a vulnerability with a CVSS score of 8.1 (HIGH). phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts ...

How severe is CVE-2025-59943?

CVE-2025-59943 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59943?

Check the references section above for vendor advisories and patch information. Affected products include: Phpmyfaq Phpmyfaq.