CVE-2025-3895 – MegaBIP Password Reset Token Brute Force Vulnerability

CVE ID : CVE-2025-3895

Published : May 23, 2025, 11:15 a.m. | 2 hours, 3 minutes ago

Description : Token used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value.
It allows an unauthenticated attacker who know user login names to brute force these tokens and change account passwords (including these belonging to administrators). 
Version 5.20 of MegaBIP fixes this issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…