CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

EUVD-2025-208341

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

Ibexa eZ Platform 安全漏洞

Ibexa eZ Platform is a content management system and website building tool provided by the Norwegian company Ibexa. The Ibexa eZ Platform 2.x version has a security vulnerability, which stems from improper access control in the REST API. This vulnerability could allow unverified attackers to acce...

CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

CVE-2025-70363

Summary (CVE-2025-70363) : The REST API in Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x is affected by an improper access control flaw that allows unauthenticated attackers to access sensitive data by enumerating object IDs. The issue is described across multiple sources, with the root ca...

CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

CVE-2025-70363

Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs...

User Enumeration

ibexa/user is vulnerable to User Enumeration. The vulnerability is due to overly descriptive error messages, which allows an attacker to determine whether a user account exists by observing differences in error responses...

Cross-site Scripting (XSS)

ibexa/admin-ui is vulnerable to cross-site scripting XSS. The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing within the back office, which allows an attacker with editor or administrator-level permissions to...

Improper Authentication

ibexa/user is vulnerable to improper authentication. The vulnerability is due to an error in the password validation logic during the transition from v4 to v5, which allows an attacker to change the account password without knowing the previous password by exploiting an active authenticated sessi...

CVE-2025-67719

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

CVE-2025-67719

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

CVE-2025-67719

Summary: CVE-2025-67719 affects Ibexa’s User Bundle in the Ibexa DXP. Versions 5.0.0-beta1–5.0.3 lack proper password-change validation due to an error introduced during the v4→v5 transition, allowing a logged-in attacker with an unattended session to change a user’s password without knowing the ...

EUVD-2025-202462

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

CVE-2025-67719 Ibexa User Bundle is missing password change validation

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

CVE-2025-67719 Ibexa User Bundle is missing password change validation

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

CVE-2025-67719 Ibexa User Bundle is missing password change validation

Ibexa is a composable end-to-end DXP Digital Experience Platform. Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

Ibexa User Bundle 安全漏洞

Ibexa User Bundle is an open source content management system from Ibexa. A security vulnerability exists in Ibexa User Bundle versions 5.0.0-beta1 through 5.0.3, which stems from a lack of password validation that could cause a logged-in user to change their password without having to know the o...

Unverified Password Change

Overview Affected versions of this package are vulnerable to Unverified Password Change via the password change process in the back office. An attacker can gain unauthorized access to change account credentials by exploiting the lack of previous password validation during the password change...