CVE-2025-56748
published 2025-10-15

CVE-2025-56748: Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing…

Priority: P4 33 | medium 6.4 (CVSS 3.1)
AV:N / AC:H / PR:N / UI:R / S:U / C:H / I:L / A:L
EPSS: 0.20% (10.2th percentile)
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| creativeitem | academy_lms | <= 5.13 | |
| linux | linux_kernel | >= 0 < 4.15.0-240.252 | 4.15.0-240.252 |
| msrc | azl3_kernel_6.6.57.1-7_on_azure_linux_3.0 | | |
| msrc | cbl2_kernel_5.15.173.1-1_on_cbl_mariner_2.0 | | |
| msrc | cbl2_kernel_5.15.173.1-2_on_cbl_mariner_2.0 | | |

CVSS provenance

nvd: v3.1, 6.4 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
osv: 7.8 HIGH
vendor_msrc: 3.3 LOW