CVE-2025-62527

high

Description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been patched in version 1.5.0.

References

https://gitlab.com/remram44/taguette/-/issues/331

https://github.com/remram44/taguette/security/advisories/GHSA-7rc8-5c8q-jr6j

Details

Source: Mitre, NVD

Published: 2025-10-20

Updated: 2025-10-30

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Severity: High

EPSS

EPSS: 0.00031