CVE-2025-22390

HIGH Year: 2025
CVSS v3 Score
7.5
High
Weakness Type
CWE-521
View all →

Vulnerability Description

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.

Related Vulnerabilities

CVE-2016-11069

HIGH
CVSS:7.5(High)

An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.

CWE-5212016

CVE-2017-1597

HIGH
CVSS:7.5(High)

IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for atta...

CWE-5212017

CVE-2017-9818

HIGH
CVSS:7.5(High)

The National Payments Corporation of India BHIM application 1.3 for Android relies on a four-digit passcode, which makes it easier for attackers to obtain access.

CWE-5212017

CVE-2018-15766

HIGH
CVSS:7.5(High)

On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to ...

CWE-5212018

CVE-2018-1680

HIGH
CVSS:7.5(High)

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. I...

CWE-5212018