CVE-2025-66204

by Fred · 09/12/2025

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The application fully trusts the `X-Forwarded-For` header without validating it or restricting its usage. This issue is fixed in version 1.6.5.

More information : https://github.com/WBCE/WBCE_CMS/commit/3765baddf27f31bbbea9c0228c452268621b25e5

CVE-2025-66204

Similar

Recent Posts

Categories

CVE-2025-66204

Share this:

Similar

Recent Posts

Categories

Tags