Posted Date: 2025/11/12

[Vulnerability Alert] EIP Plus - Weak Password Recovery Mechanism (CVE-2025-12866)

  • Subject: [Vulnerability Alert] EIP Plus - Weak Password Recovery Mechanism (CVE-2025-12866)
  • Content:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202511-00000007
    • [EIP Plus - Weak Password Recovery Mechanism] (CVE-2025-12866, CVSS: 9.8) An unauthenticated remote attacker can predict or brute-force the 'forgot password' link to successfully modify arbitrary user passwords.
  • Affected Platforms:
    • EIP Plus versions earlier than RELEASE_240626 (RELEASE_240626 itself is not affected)
  • Recommended Measures:
    • Update to RELEASE_240626 or later

Computer and Communications Center
Network Systems Group
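
One way a password-recovery flow can resist the prediction and brute-forcing described in this alert, as an added example that is not EIP Plus code and not part of the original notice. The class name, the 15-minute lifetime and the attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_BYTES = 32      # 256 bits from the OS CSPRNG; not guessable or enumerable
TOKEN_TTL = 15 * 60   # assumed policy: link valid for 15 minutes
MAX_ATTEMPTS = 5      # assumed policy: wrong guesses allowed per issued link


class ResetTokenStore:
    """In-memory stand-in for a table of pending password resets."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user_id -> [sha256(token), expires_at, failures]

    def issue(self, user_id):
        """Create a reset token; any earlier token for the user is replaced."""
        token = secrets.token_urlsafe(TOKEN_BYTES)
        digest = hashlib.sha256(token.encode()).digest()
        # Only the digest is stored, so a database leak does not expose live links.
        self._pending[user_id] = [digest, self._clock() + TOKEN_TTL, 0]
        return token  # goes into the e-mailed link, never into logs

    def redeem(self, user_id, token):
        """Return True once for the right, unexpired token; otherwise False."""
        record = self._pending.get(user_id)
        if record is None:
            return False
        digest, expires_at, _ = record
        if self._clock() >= expires_at:
            del self._pending[user_id]  # expired: drop the record
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if hmac.compare_digest(digest, presented):  # constant-time comparison
            del self._pending[user_id]  # single use
            return True
        record[2] += 1
        if record[2] >= MAX_ATTEMPTS:
            del self._pending[user_id]  # too many guesses: invalidate the link
        return False
```

The password change itself should only proceed when `redeem` returns True, and the response to a reset request should be the same whether or not the account exists.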