CVE-2025-3895

EUVD-2025-27942
Token used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value.
 It allows an unauthenticated attacker who know user login names to brute force these tokens and change account passwords (including these belonging to administrators). 
Version 5.20 of MegaBIP fixes this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Common Weakness Enumeration
References
https://cert.pl/en/posts/2025/05/CVE-2025-3893
https://megabip.pl/index.php?id=24,145
https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej