CVE-2025-6216
CRITICAL NUCLEIAllegra 7.0.0-7.5.2.70 - Unauthenticated Authentication Bypass via Password Recovery Token
Title source: llmExploitation Summary
CVE-2025-6216 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104.
Nuclei Templates (1)
Allegra - Authentication Bypass via Predictable Password Reset Token
CRITICALVERIFIEDby iamnoooob,pdresearch
Shodan:
http.favicon.hash:"284403119"
FOFA:
icon_hash="284403119"
References (2)
Core 2
Core References
Third Party Advisory x_research-advisory
https://www.zerodayinitiative.com/advisories/ZDI-25-410/
Vendor Advisory vendor-advisory
https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-4-and-release-7-5-2
Scores
CVSS v3
9.8
EPSS
0.2943
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-640
Status
published
Products (1)
alltena/allegra
7.0.0 - 7.5.2.70
Published
Jun 21, 2025
Tracked Since
Feb 18, 2026