Taguette vulnerable to password reset link poisoning_CVE-2025-62527

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

Basic Information

ID CVE-2025-62527

Source GitHub_M

Published Oct 20, 2025 at 20:03

Modified Oct 20, 2025 at 20:18

Affected Product

Vendor remram44

Product taguette

Version < 1.5.0

Affected Versions remram44 taguette < 1.5.0

CWE Classification

CWE-15

References

{
    "lastseen": "",
    "description": "Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.",
    "published": "2025-10-20T20:03:29.405Z",
    "modified": "2025-10-20T20:18:18.800Z",
    "type": "cve",
    "title": "Taguette vulnerable to password reset link poisoning",
    "source": "GitHub_M",
    "references": "https://github.com/remram44/taguette/security/advisories/GHSA-7rc8-5c8q-jr6j\nhttps://gitlab.com/remram44/taguette/-/issues/331",
    "id": "CVE-2025-62527",
    "bulletinFamily": "",
    "cwe": [
        "CWE-15"
    ],
    "cvelist": null,
    "sourceData": "remram44 taguette < 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "taguette",
    "version": "< 1.5.0",
    "vendor": "remram44",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}