Ibexa DXP
cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*
- ~4.6
- ~5.0
A vulnerability exists in the password change feature of Ibexa DXP versions 5.0.0-beta1 through 5.0.3. During the upgrade from version 4 to 5, a flaw was introduced in the password validation process, allowing users to change their passwords in the back office without knowing the previous one. This issue could be exploited if a user leaves their workstation unattended while logged in, as an attacker could access the session and change the password, locking the user out.
Exploitation of this vulnerability allows for unauthorized password changes in the back office, potentially locking users out of their accounts.
Users can upgrade to Ibexa DXP version 5.0.4 to address this vulnerability.