Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2025-51586

An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.

Published: Sep 4, 2025
Updated: Dec 29, 2025
CVE: CVE-2025-51586
GHSA: GHSA-8xx5-h6m3-jr33
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-203
CWE-359

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
prestashop / prestashop	-	8.2.3
prestashop / prestashop	-	8.2.1

https://build.prestashop-project.org/news/2025/prestashop-8-2-3-security-release
https://github.com/PrestaShop/PrestaShop/commit/c97bdf10f77fedbe5a61a1dec5f96b3abb1d76fb
https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1
https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.3
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-8xx5-h6m3-jr33
https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md
https://prestashop.com
https://prestashop.com/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo