fkie_nvd - fkie_cve-2025-53522

fkie_cve-2025-53522

Vulnerability from fkie_nvd

Published

2025-08-20 05:15

Modified

2025-08-20 14:39

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.

References

▶	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN76729865/
	vultures@jpcert.or.jp	https://movabletype.org/news/2025/08/mt-843-released.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker."
    },
    {
      "lang": "es",
      "value": "Movable Type presenta un problema con el uso de una fuente menos confiable. Si se explota, un atacante remoto no autenticado podr\u00eda enviar un correo electr\u00f3nico manipulado para restablecer una contrase\u00f1a."
    }
  ],
  "id": "CVE-2025-53522",
  "lastModified": "2025-08-20T14:39:07.860",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-20T05:15:27.787",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/jp/JVN76729865/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://movabletype.org/news/2025/08/mt-843-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-348"
        }
      ],
      "source": "vultures@jpcert.or.jp",
      "type": "Primary"
    }
  ]
}

CVE-2025-53522 (GCVE-0-2025-53522)

Vulnerability from cvelistv5

Published

2025-08-20 04:22

Modified

2025-08-20 16:00

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-348 - Use of less trusted source

Summary

Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.

References

►

URL

Tags

	https://movabletype.org/news/2025/08/mt-843-released.html
	https://jvn.jp/en/jp/JVN76729865/

Impacted products

Vendor

Product

Version

►

Six Apart Ltd.

Movable Type (Software Edition)

Version: 8.0.0 to 8.0.6
Version: 8.4.0 to 8.4.2 (8 series)

Six Apart Ltd.	Movable Type (Software Edition)	Version: 7 r.5508 and earlier (7 series)
Six Apart Ltd.	Movable Type Advanced (Software Edition)	Version: 8.0.0 to 8.0.6 Version: 8.4.0 to 8.4.2 (8 series)
Six Apart Ltd.	Movable Type Advanced (Software Edition)	Version: 7 r.5508 and earlier (7 series)
Six Apart Ltd.	Movable Type Premium (Software Edition)	Version: 2.09 and earlier (2 series)
Six Apart Ltd.	Movable Type Premium (Software Edition)	Version: 1.66 and earlier (1 series)
Six Apart Ltd.	Movable Type Premium (Advanced Edition) (Software Edition)	Version: 2.09 and earlier (2 series)
Six Apart Ltd.	Movable Type Premium (Advanced Edition) (Software Edition)	Version: 1.66 and earlier (1 series)
Six Apart Ltd.	Movable Type (Cloud Edition)	Version: 8.6.0 (8 series)
Six Apart Ltd.	Movable Type (Cloud Edition)	Version: 7 r.5508 (7 series)
Six Apart Ltd.	Movable Type Premium (Cloud Edition)	Version: 2.09 (2 series)
Six Apart Ltd.	Movable Type Premium (Cloud Edition)	Version: 1.66 (1 series)

Show details on NVD website