Security Advisory

CVE-2025-12866

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-10 02:45:26

Last updated 2025-11-12 16:50:58

Assigner twcert

State PUBLISHED

Description

EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the forgot password link, thereby successfully resetting any users password.

← Browse all CVEs View on cve.org ↗