CVE-2025-62512 — MEDIUM (5.3)

Q: How severe is CVE-2025-62512?

CVE-2025-62512 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-62512?

Check the references section above for vendor advisories and patch information. Affected products include: Piwigo Piwigo.

Vulnerability Description

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at password.php?action=lost returns distinct messages for valid vs. invalid accounts, enabling user enumeration. As of time of publication, no known patches are available.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Piwigo	Piwigo	>= 15.0.0, <= 15.5.0

Related Weaknesses (CWE)

CWE-204

References

https://github.com/Piwigo/Piwigo/security/advisories/GHSA-h4wx-7m83-xfxcExploitMitigationVendor Advisory

FAQ

What is CVE-2025-62512?

CVE-2025-62512 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to det...

How severe is CVE-2025-62512?

CVE-2025-62512 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-62512?

Check the references section above for vendor advisories and patch information. Affected products include: Piwigo Piwigo.