CVE-2025-51586

LOW NUCLEI

PrestaShop <8.2.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-51586. PoCs published by 7h30th3r0n3. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python script that exploits CVE-2025-51586, an information disclosure vulnerability in PrestaShop's AdminLogin password reset mechanism. The script enumerates administrator email addresses by providing invalid reset tokens and can optionally perform brute-force attacks on discovered emails.

Description

An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.

Exploits (1)

github WORKING POC

by 7h30th3r0n3 · pythonpoc

https://github.com/7h30th3r0n3/CVE-2025-51586-PrestaShop-PoC

View Code ZIP pw:eip

This repository contains a functional Python script that exploits CVE-2025-51586, an information disclosure vulnerability in PrestaShop's AdminLogin password reset mechanism. The script enumerates administrator email addresses by providing invalid reset tokens and can optionally perform brute-force attacks on discovered emails.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: PrestaShop (version not specified)

No auth needed

Prerequisites: Access to the PrestaShop admin login page · Valid id_employee range

MITRE ATT&CK

T1592 - Gather Victim Host Information T1110 - Brute Force

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

PrestaShop - Information Disclosure

MEDIUMVERIFIEDby mastercho

Shodan: http.component:"prestashop"

References (3)

Core 3

Core References

Release Notes

https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.1

Third Party Advisory

https://maxime-morel.github.io/advisories/2025/CVE-2025-51586.md

Product

https://prestashop.com/

Scores

CVSS v3 3.7

EPSS 0.0103

EPSS Percentile 77.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (2)

prestashop/prestashop < 8.2.1

prestashop/prestashop 0 - 8.2.3Packagist

Published Sep 08, 2025

Tracked Since Feb 18, 2026