Description
Froxlor is open-source server administration software. In versions prior to 2.2.6, the system does not check whether an email address is already in use when an account is created, so an authenticated user (for example a reseller or customer) can create an account with the same email address as an existing account, including the admin account. Because email is used to identify accounts, duplicate addresses create ambiguity in account identification and can lead to security issues. Version 2.2.6 fixes the issue.
References (3)
Exploit, Vendor Advisory (x_refsource_confirm): https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f
Patch (x_refsource_misc): https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623
Exploit (x_refsource_misc): https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ
Scores
CVSS v3: 5.8
EPSS: 0.0009
EPSS Percentile: 25.2%
Attack Vector: LOCAL
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-287
Status: published
Products (2)
froxlor/froxlor: 2.2.5
froxlor/froxlor (Packagist): 0 - 2.2.6
Published: Mar 13, 2025
Tracked Since: Feb 18, 2026