Detections
Analytics
CVE-2025-63807
critical
Description
An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods.
References
https://gist.github.com/Rycarl-Furry/3e93c6f0d48a29518adf341e0fc7e2dd