How severe is CVE-2025-5323?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2025-5323?

This is classified as CWE-325, which is a common weakness in software security.

CVE-2025-5323 - MEDIUM Severity | CVSS 3.7

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2017-2603

LOW

CVSS:3.5(Low)

Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).

CWE-3252017

CVE-2017-2598

MEDIUM

CVSS:4.3(Medium)

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

CWE-3252017

CVE-2017-2600

MEDIUM

CVSS:4.3(Medium)

In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURIT...

CWE-3252017

CVE-2022-30115

MEDIUM

CVSS:4.3(Medium)

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host...

CWE-3252022

CVE-2021-3680

MEDIUM

CVSS:5.3(Medium)

showdoc is vulnerable to Missing Cryptographic Step

CWE-3252021

CVE-2020-10702

MEDIUM

CVSS:5.5(Medium)

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation...

CWE-3252020