CVE-2025-27939

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 15, 2025

Updated: Apr 16, 2025

CWE ID 639

Summary

CVE-2025-27939 is a newly disclosed vulnerability that allows attackers to manipulate registered email addresses of other users, leading to unauthorized account takeovers. This issue can potentially impact a large number of users, as email addresses are commonly used for account recovery and authentication processes. An attacker who successfully exploits this vulnerability can gain control over another user's account, potentially leading to data theft or other malicious activities. The exact cause of this vulnerability is not yet publicly disclosed, but it is recommended that affected users take immediate steps to secure their accounts, such as resetting passwords and enabling multi-factor authentication.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Cloud Applications

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners