CVE-2025-53522

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

M

ovable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.

References

Link	Resource
https://jvn.jp/en/jp/JVN76729865/
https://movabletype.org/news/2025/08/mt-843-released.html

Configurations

No configuration.

History

20 Aug 2025, 14:39

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-20 05:15

Updated : 2025-08-20 14:39

NVD link : CVE-2025-53522

Mitre link : CVE-2025-53522

CVE.ORG link : CVE-2025-53522

JSON object : View

Products Affected

No product.

CWE

CWE-348

Use of Less Trusted Source

{"id": "CVE-2025-53522", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-20T05:15:27.787", "references": [{"url": "https://jvn.jp/en/jp/JVN76729865/", "source": "[email protected]"}, {"url": "https://movabletype.org/news/2025/08/mt-843-released.html", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-348"}]}], "descriptions": [{"lang": "en", "value": "Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker."}, {"lang": "es", "value": "Movable Type presenta un problema con el uso de una fuente menos confiable. Si se explota, un atacante remoto no autenticado podr\u00eda enviar un correo electr\u00f3nico manipulado para restablecer una contrase\u00f1a."}], "lastModified": "2025-08-20T14:39:07.860", "sourceIdentifier": "[email protected]"}