What the vulnerability does
01Description
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.
CVE-2025-53704
HIGH
CVE-2025-53704: MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password
CVSS base score
7.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Key dates
02Disclosure timeline
December 4, 2025
CVE published
December 5, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-35676 phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint
CVE-2025-2093 PHPGurukul Online Library Management System change-password.php password recovery
CVE-2024-9302 App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP
CVE-2025-52560 Kanboard Password Reset Poisoning via Host Header Injection
CVE-2023-5296 Xinhu RockOA Password password recovery
