CVE-2025-51543: An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password vi...
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint.
Security readout for executives and security teams
Plain-English summary
CVE-2025-51543 describes a flaw in Cicool builder 3.4.4 that may let an unauthenticated attacker reset the administrator password. That creates a direct path to administrative takeover if the affected admin endpoint is reachable. The CVE rates it critical, but the supplied sources do not name a vendor patch or confirm real-world exploitation.
Executive priority
Prioritize this urgently for any exposed Cicool builder 3.4.4 instance. The issue could enable administrator account takeover without credentials. Business urgency depends on whether the software is present and reachable; current public metadata is incomplete, so rapid inventory is the first decision point.
Technical view
The CVE describes missing authentication on the /administrator/auth/reset_password endpoint in Cicool builder 3.4.4, mapped to CWE-306. CVSS 3.1 is 9.8 with network access, low complexity, no privileges, and no user interaction. Vendor, CPE, and fixed-version metadata are not provided in the supplied affected-product block.
Likely exposure
Exposure is most likely where Cicool builder 3.4.4 is deployed and its administrator password reset route is reachable over a network. The source bundle does not provide CPEs, vendor ownership, deployment prevalence, or affected-version ranges beyond the named 3.4.4 version.
Exploitation context
The CVE is not listed as KEV in the supplied bundle. A public GitHub reference is included, but the provided data does not establish active exploitation. Treat internet-exposed administrator interfaces as high priority because the stated issue requires no authentication or user interaction.
Researcher notes
The record is thin: affected vendor/product fields are n/a, no CPEs are listed, and no patch is named. The core claim is unauthenticated administrator password reset in Cicool builder 3.4.4. Validate exposure defensively and avoid assuming broader version impact without corroborating vendor or CVE updates.
Mitigation direction
Check vendor or project guidance for a fixed release or official workaround.
Remove public access to Cicool administrator routes where operationally possible.
Restrict admin endpoints behind VPN, allowlists, or equivalent access control.
Review administrator accounts and rotate credentials after suspected exposure.
Monitor password reset and administrator login events for anomalies.
Validation and detection
Inventory systems for Cicool builder 3.4.4 deployments.
Confirm whether /administrator/auth/reset_password is externally reachable.
Review access logs for unauthenticated reset attempts or unusual admin logins.
Verify compensating controls block unauthenticated access to administrator functions.
Track CVE sources for vendor, CPE, or fixed-version updates.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-306: Credential and account abuse lookup
Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
2Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: pocAutomatable: yesTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-306 · source CWE mapping
Missing Authentication for Critical Function
Missing Authentication for Critical Function represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.