CVE-2025-15398

MEDIUM 6.3 / 10.0
Published: December 31, 2025 at 10:15 PM
Modified: January 14, 2026 at 08:36 PM
Source: cna@vuldb.com

Vulnerability Description

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. The affected code is the function forgetPassword in the file src/Controllers/BadasoAuthController.php of the Token Handler component. Manipulation of this function leads to weak password recovery. The attack can be executed remotely, is of high complexity, and is considered difficult to exploit. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Metrics

Base Score
6.3
Severity
MEDIUM
Vector String
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses (CWE)

Source: cna@vuldb.com

AI Security Analysis

01 // Technical Summary

Uasoft Badaso versions up to 2.9.7 are vulnerable to a weak password recovery attack. This vulnerability, residing in the forgetPassword function, allows attackers to potentially compromise user accounts due to flawed token handling, despite the high complexity and difficult exploitability. The vendor has not responded to the disclosure, increasing the risk of exploitation.

02 // Vulnerability Mechanism

Step 1: Target Identification: The attacker identifies a target user account within the Badaso application.

Step 2: Password Reset Request: The attacker initiates a password reset request, typically by providing the target user's email address.

Step 3: Token Interception/Prediction (Likely): The attacker attempts to intercept the password reset token sent to the target user's email or attempts to predict the token based on known information or vulnerabilities in the token generation algorithm.

Step 4: Token Manipulation/Brute-Force (If Prediction Fails): If the token cannot be intercepted, the attacker may attempt to brute-force the token, especially if the token generation algorithm is weak.

Step 5: Password Reset: The attacker uses the intercepted or predicted token to reset the target user's password.

Step 6: Account Compromise: The attacker logs in to the compromised account using the newly set password.

03 // Deep Technical Analysis

The vulnerability lies within the forgetPassword function of src/Controllers/BadasoAuthController.php. The root cause is likely a flaw in how the system generates, validates, or handles password reset tokens. Specifically, the system may be vulnerable to issues such as:

  • Predictable Token Generation: The tokens used for password reset may be generated using a weak algorithm or based on easily guessable information (e.g., timestamps, user IDs). This allows attackers to predict or brute-force valid tokens.
  • Insufficient Token Validation: The system may not adequately validate the token's expiration, user association, or other security checks. This could allow an attacker to reuse a token or use a token for a different user.
  • Token Reuse/Replay: The system might not invalidate tokens after they are used, allowing an attacker to reuse a token multiple times to reset the password.
  • Lack of Rate Limiting: The system may not implement rate limiting on password reset requests, allowing attackers to repeatedly request password reset tokens, potentially overwhelming the system or facilitating brute-force attacks on token generation.
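The four weaknesses listed above map onto concrete checks a reset-token handler has to make. The following is an added defensive illustration in Python, not Badaso's PHP code (the page does not show the project's actual token logic): tokens come from the OS CSPRNG rather than timestamps or user IDs, only a hash is stored, each token is bound to one account, expires, is consumed on first use, and reset requests are rate limited per account. The in-memory store, the 15-minute TTL and the limit of 3 requests per hour are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900              # seconds a reset token stays valid (assumed value)
MAX_REQUESTS_PER_WINDOW = 3  # reset requests allowed per account per window (assumed)
WINDOW = 3600                # rate-limit window in seconds (assumed)


class ResetTokenStore:
    """In-memory stand-in for a password_resets table (constructed for this example)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.tokens = {}     # email -> (sha256 hex of token, issued_at)
        self.requests = {}   # email -> timestamps of recent reset requests
        self.passwords = {}  # email -> password hash (stand-in for the users table)

    def request_reset(self, email):
        """Issue a fresh token for one account, or None when the account is rate limited."""
        now = self.clock()
        recent = [t for t in self.requests.get(email, []) if now - t < WINDOW]
        if len(recent) >= MAX_REQUESTS_PER_WINDOW:
            return None  # caller should answer exactly as on success to avoid account enumeration
        self.requests[email] = recent + [now]
        token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output: not predictable from user data
        # Store only the hash, so a leaked table does not yield usable tokens;
        # issuing a new token replaces any earlier one for the same account.
        self.tokens[email] = (hashlib.sha256(token.encode()).hexdigest(), now)
        return token  # delivered to the account's mailbox only

    def redeem(self, email, token, new_password_hash):
        """Validate the token against this account, consume it, and set the new password."""
        record = self.tokens.get(email)
        if record is None:
            return False  # no outstanding token bound to this account
        token_hash, issued_at = record
        if self.clock() - issued_at > TOKEN_TTL:
            del self.tokens[email]  # expired tokens are discarded, not kept for retry
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(presented, token_hash):
            return False  # constant-time comparison; token stays valid until TTL or correct use
        del self.tokens[email]  # single use: a replayed token is rejected above as "no record"
        self.passwords[email] = new_password_hash
        return True
```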
CVE-2025-15398 - MEDIUM Severity (6.3) | Free CVE Database | 4nuxd