CVE-2025-22390

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 4, 2025

Updated: Jan 6, 2025

CWE ID 521

Summary

CVE-2025-22390 is a medium-severity vulnerability affecting Optimizely EPiServer.CMS.Core versions prior to 12.32.0. This issue stems from insufficient password complexity requirements within the CMS. Users can create passwords of minimal length, which is just six characters, leaving these passwords susceptible to modern attack techniques like password spraying and offline password cracking.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2KGpJy
https://www.cve.org/CVERecord?id=CVE-2025-22390
https://nvd.nist.gov/vuln/detail/CVE-2025-22390

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners

CVE-2025-22390

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations