CVE-2025-51586

LOW NUCLEI

PrestaShop <8.2.1 - Info Disclosure

Title source: llm

Description

An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.

Exploits (1)

github WORKING POC
by 7h30th3r0n3 · pythonpoc
https://github.com/7h30th3r0n3/CVE-2025-51586-PrestaShop-PoC

Nuclei Templates (1)

PrestaShop - Information Disclosure
MEDIUMVERIFIEDby mastercho
Shodan: http.component:"prestashop"

References (3)

Scores

CVSS v3 3.7
EPSS 0.0097
EPSS Percentile 76.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-359
Status published
Products (2)
prestashop/prestashop < 8.2.1
prestashop/prestashop 0 - 8.2.3Packagist
Published Sep 08, 2025
Tracked Since Feb 18, 2026