How severe is CVE-2025-22144?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-22144?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2025-22144

CRITICAL Year: 2025

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-610

View all →

Vulnerability Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2020-14057

CRITICAL

CVSS:9.8(Critical)

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execu...

CWE-6102020

CVE-2021-43685

CRITICAL

CVSS:9.8(Critical)

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.

CWE-6102021

CVE-2021-44041

CRITICAL

CVSS:9.8(Critical)

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to e...

CWE-6102021

CVE-2022-20239

CRITICAL

CVSS:9.8(Critical)

remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel...

CWE-6102022

CVE-2022-39206

CRITICAL

CVSS:9.9(Critical)

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. ...

CWE-6102022

CVE-2017-16088

CRITICAL

CVSS:10.0(Critical)

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the ...

CWE-6102017

CVE-2025-22144

Vulnerability Description

Related Vulnerabilities

CVE-2020-14057

CVE-2021-43685

CVE-2021-44041

CVE-2022-20239

CVE-2022-39206

CVE-2017-16088