CVE-2025-62527 HIGH

CVE-2025-62527: Taguette vulnerable to password reset link poisoning

Vendor: Remram44
Product: taguette
Weakness: CWE-15
Published: October 20, 2025
Last update: October 20, 2025

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request a password reset email containing a malicious link, allowing the attacker to set the email if the victim clicked it. This issue has been patched in version 1.5.0.

Key dates

02 Disclosure timeline

October 20, 2025: CVE published
October 20, 2025: Record updated