CVE-2025-62512

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated attacker to determine whether a given username or email address exists in the system. The endpoint at password.php?action=lost returns distinct messages for valid vs. invalid accounts, enabling user enumeration. As of time of publication, no known patches are available.

Vulnerability Details

Published Date

February 24, 2026

Last Modified

February 25, 2026

CWE ID

CWE-204

Source

NVD

Vendor

Piwigo

Product

Piwigo

External References

https://github.com/Piwigo/Piwigo/security/advisories/GHSA-h4wx-7m83-xfxc

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment