CVE-2026-25597 – PrestaShop has a time based enumeration in FO login form

CVE ID : CVE-2026-25597

Published : Feb. 6, 2026, 8:47 p.m. | 31 minutes ago

Description : PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…