CVE-2025-60954

Published October 24th, 2025

View on NVD ↗

CVSS v3

8.3

HIGH

CVSS v2

N/A

Affected

PROJECTS

Description

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.

microweber/microweber

Drag and Drop Website Builder and CMS with E-commerce

GitHub

3.42K

progprnv/CVE-Reports

GitHub