CVE-2025-66225 | OrangeHRM up to 5.7 Username password recovery (GHSA-5ghw-9775-v263 / EUVD-2025-199906)
A vulnerability classified as critical has been found in OrangeHRM up to 5.7. The affected function is unknown. Manipulation of the argument Username leads to weak password recovery.
This vulnerability is documented as CVE-2025-66225. The attack can be initiated remotely. No exploit is available.
It is advisable to upgrade the affected component.