CVE-2025-13565Weak Password Recovery Mechanism for Forgotten Password in Inventory Management System

CWE-640Weak Password Recovery Mechanism for Forgotten Password3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 57.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Inventory Management SystemWarren-daloyan Inventory Management System
Timeline
PublishedNov 23

Description

A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-fcmx-4fpp-mg5q: A weakness has been identified in SourceCodester Inventory Management System 12025-11-23
CVEList
SourceCodester Inventory Management System resetPassword.php password recovery2025-11-23
CVE-2025-13565 — MEDIUM severity | cvebase