CVE-2025-46047

A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.

Published: Sep 2, 2025
Updated: Sep 3, 2025
CVE: CVE-2025-46047
GHSA: GHSA-cv2m-5pfp-f245
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-204

Affected Software
References

Software	From	Fixed in
org.silverpeas.core / silverpeas-core	6.4.1	6.4.3

https://github.com/J0ey17/Silverpeas-Username-Enumeration-PoC
https://github.com/Silverpeas/Silverpeas-Core/commit/c283ce13d81ba7abf6adcd226338c95c5875a398
https://github.com/Silverpeas/Silverpeas-Core/pull/1399

Vulnerability Database

CVE-2025-46047