top of page
perceptive_background_267k.jpg

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and e…

Published:

11 januari 2026 om 23:00:00

Alert date:

12 januari 2026 om 21:02:40

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Identity & Access

A critical vulnerability in DDSN Interactive Acora CMS v10.7.1 allows attackers to perform full account takeover through a static password reset token flaw. The vulnerability enables arbitrary password resets via replay attacks due to the use of static tokens in the password reset function. This security flaw permits complete compromise of user accounts without requiring initial authentication or user interaction.

Technical details

Mitigation steps:

Affected products:

DDSN Interactive Acora CMS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-63314
http://acora.com
http://ddsn.com
https://github.com/padayali-JD/CVE-2025-63314

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page