CVE-2025-22144

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/NamelessMC/Nameless/releases/tag/v2.1.3	Release Notes
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-p883-7496-x35p	Exploit Vendor Advisory
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-p883-7496-x35p	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-13 20:15

Updated : 2025-05-13 15:42

NVD link : CVE-2025-22144

Mitre link : CVE-2025-22144

CVE.ORG link : CVE-2025-22144

JSON object : View

Products Affected

namelessmc

nameless

CWE

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

{"id": "CVE-2025-22144", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-13T20:15:29.817", "references": [{"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.1.3", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-p883-7496-x35p", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-p883-7496-x35p", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-610"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "NamelessMC es un software gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. Un usuario con permisos admincp.core.emails o admincp.users.edit puede validar usuarios y un atacante puede restablecer sus contrase\u00f1as. Cuando la cuenta se aprueba correctamente por correo electr\u00f3nico, el c\u00f3digo de restablecimiento es NULL, pero cuando la cuenta es validada manualmente por un usuario con permisos admincp.core.emails o admincp.users.edit, el c\u00f3digo de restablecimiento ya no ser\u00e1 NULL, sino que estar\u00e1 vac\u00edo. Un atacante puede solicitar http://localhost/nameless/index.php?route=/forgot_password/&c= y restablecer la contrase\u00f1a. Como resultado, un atacante puede comprometer la contrase\u00f1a de otro usuario y tomar el control de su cuenta. Este problema se ha solucionado en la versi\u00f3n de lanzamiento 2.1.3 y se recomienda a todos los usuarios que la actualicen. No se conocen Workarounds para esta vulnerabilidad."}], "lastModified": "2025-05-13T15:42:53.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4402A4C5-43C3-4436-B207-1374812080DD", "versionEndExcluding": "2.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}