top of page
perceptive_background_267k.jpg

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and e…

Published:

11 January 2026 at 23:00:00

Alert date:

12 January 2026 at 21:02:40

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Identity & Access

A critical vulnerability in DDSN Interactive Acora CMS v10.7.1 allows attackers to perform full account takeover through a static password reset token flaw. The vulnerability enables arbitrary password resets via replay attacks due to the use of static tokens in the password reset function. This security flaw permits complete compromise of user accounts without requiring initial authentication or user interaction.

Technical details

Mitigation steps:

Affected products:

DDSN Interactive Acora CMS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-63314
http://acora.com
http://ddsn.com
https://github.com/padayali-JD/CVE-2025-63314

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page