Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-13565

MEDIUM6.9

SourceCodester Inventory Management System resetPassword.php password recovery

Published Nov 23, 2025

Modified 1 months ago

No fix available

Details

A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

References

WEBhttps://vuldb.com/?ctiid.333329 WEBhttps://vuldb.com/?id.333329 ADVISORYhttps://vuldb.com/?submit.697984 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-13565 DETECTIONhttps://www.notion.so/Unauthenticated-Password-Reset-Vulnerability-in-SourceCodester-Inventory-Management-System-2b023917db8c8001b5ecf4c50a54dfbd?source=copy_link WEBhttps://www.sourcecodester.com/

CVSS Analysis

CVSS v4.0

6.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

LowVI:L

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

6.9/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedNov 23, 2025

ModifiedNov 24, 2025

CVE-2025-13565 | Mondoo Vulnerability Intelligence