CVE-2025-15398 | Uasoft badaso up to 2.9.7 Token BadasoAuthController.php forgetPassword password recovery

A vulnerability classified as problematic was found in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery.

This vulnerability is documented as CVE-2025-15398. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.VulDB Recent EntriesRead More