CVE-2025-52392

Published August 13th, 2025

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.

soosyze/soosyze

:stars: Soosyze CMS is a minimalist content management system in PHP, without database to create and manage your website easily. https://soosyze.com

GitHub