Security Advisory

CVE-2025-66204

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-08 23:50:58

Last updated 2025-12-09 16:03:59

Assigner GitHub_M

State PUBLISHED

Description

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The application fully trusts the `X-Forwarded-For` header without validating it or restricting its usage. This issue is fixed in version 1.6.5.

← Browse all CVEs View on cve.org ↗