CVE-2025-55342
MEDIUM
Quipux 4.0.1-e1774ac - Exposure of Sensitive Information via Password Reset Validation
Title source: llm
Description
Quipux 4.0.1 through e1774ac allows enumeration of usernames and access to the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter.
References (2)
Core References
Permissions Required
https://minka.gob.ec/quipux-comunitario/quipux-comunitario
Third Party Advisory
https://seguridaddigital.ec/research/20251101/report-20251101.en.pdf
Scores
CVSS v3
5.3
EPSS
0.0021
EPSS Percentile
11.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
quipux/quipux
4.0.1
Published
Nov 05, 2025
Tracked Since
Feb 18, 2026