[Vulnerability Alert] EIP Plus - Weak Password Recovery Mechanism (CVE-2025-12866)

• Subject: [Vulnerability Alert] EIP Plus - Weak Password Recovery Mechanism (CVE-2025-12866)

• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202511-00000007
  • [EIP Plus - Weak Password Recovery Mechanism] (CVE-2025-12866, CVSS: 9.8) An unauthenticated remote attacker can predict or brute-force the 'forgot password' link to successfully modify arbitrary user passwords.
• Affected Platforms:
  • EIP Plus versions before RELEASE_240626 (exclusive)
• Recommended Measures:
  • Update to RELEASE_240626 (inclusive) or later
• References:
  1. https://www.twcert.orgtw/tw/cp-132-10490-2534b-1.html

Computer and Communications Center
Network Systems Group