CVE-2025-46047: Silverpeas Core Username Enumeration Vulnerability
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
References
- github.com/J0ey17/Silverpeas-Username-Enumeration-PoC
- github.com/Silverpeas/Silverpeas-Core
- github.com/Silverpeas/Silverpeas-Core/commit/c283ce13d81ba7abf6adcd226338c95c5875a398
- github.com/Silverpeas/Silverpeas-Core/pull/1399
- github.com/advisories/GHSA-cv2m-5pfp-f245
- nvd.nist.gov/vuln/detail/CVE-2025-46047
Code Behaviors & Features
Detect and mitigate CVE-2025-46047 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →