CVE-2025-51543

Cicool · Cicool builder

Cicool builder 3.4.4 allows unauthenticated attackers to reset the administrator password via the /administrator/auth/reset_password endpoint.

Executive summary

An unauthenticated password reset vulnerability in Cicool builder 3.4.4 allows attackers to gain unauthorized administrative access to the platform.

Vulnerability

The flaw is a missing authentication check on the /administrator/auth/reset_password endpoint: it accepts a password reset for the administrator account from any requester, so an unauthenticated attacker can reset the administrator password without proving control of the account and then log in as the administrator.

Business impact

The CVSS score of 9.8 places this flaw in the critical range: it is reachable over the network, requires no credentials and no user interaction. By resetting the administrator credentials, an attacker obtains full control of the Cicool builder instance, which means complete data compromise, arbitrary configuration changes, and total loss of confidentiality, integrity and availability.

Remediation

Immediate Action: Update Cicool builder to a release later than 3.4.4 that fixes the unauthenticated reset as soon as one is available; until then, apply the compensating controls below.

Proactive Monitoring: Audit administrator account activity, password change logs, and web server access logs for requests to /administrator/auth/reset_password, and treat any administrator password change that was not initiated by a known administrator as a compromise until proven otherwise.

Compensating Controls: Until a fix is applied, restrict access to the /administrator/ path at the reverse proxy or Web Application Firewall (WAF) to an allowlist of administrator IP addresses, so the reset endpoint is not reachable from the internet. Note that this does not protect against an attacker who already has a foothold inside the allowed network.
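The following is an added example (not code from the Cicool project or from this advisory) that implements the monitoring and allowlist checks described above against web server access logs: it flags every request to the reset endpoint, marks whether the source IP falls inside an assumed administrator allowlist, and reports the takeover pattern of a reset followed by an administrator login from the same source. The log lines, the allowlisted network 10.0.0.0/8, and the login path /administrator/auth/login are constructed assumptions for the example; the reset path is the one named in the advisory.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2025:09:12:01 +0000] "GET /administrator/auth/login HTTP/1.1" 200 1842 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jul/2025:09:12:44 +0000] "POST /administrator/auth/reset_password HTTP/1.1" 302 0 "-" "python-requests/2.32"
10.0.0.5 - - [10/Jul/2025:09:13:10 +0000] "GET /administrator/auth/reset_password?token=abc HTTP/1.1" 200 912 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jul/2025:09:13:15 +0000] "POST /administrator/auth/login HTTP/1.1" 302 0 "-" "python-requests/2.32"
203.0.113.7 - - [10/Jul/2025:09:14:00 +0000] "GET /api/pages HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Networks from which administrators legitimately reach /administrator/.
# Assumed for this example; adjust to your environment.
ADMIN_ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]

RESET_PATH = "/administrator/auth/reset_password"   # endpoint named in the advisory
LOGIN_PATH = "/administrator/auth/login"            # assumed admin login path

# Minimal combined-log-format parser: source IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # compare paths without the query string
    return rec


def is_allowlisted(ip_str):
    """True if the source address lies inside one of the administrator networks."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in net for net in ADMIN_ALLOWLIST)


def find_reset_hits(log_text):
    """Every request to the reset endpoint, tagged with its allowlist status."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != RESET_PATH:
            continue
        rec["allowlisted"] = is_allowlisted(rec["ip"])
        hits.append(rec)
    return hits


def suspicious_sources(log_text):
    """Count reset-endpoint requests per source IP that is outside the allowlist."""
    return Counter(h["ip"] for h in find_reset_hits(log_text) if not h["allowlisted"])


def reset_then_login(log_text):
    """Source IPs that hit the reset endpoint and later POST to the admin login.

    A reset immediately followed by a login from the same source is the
    account-takeover sequence this vulnerability enables.
    """
    seen_reset = set()
    flagged = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"] == RESET_PATH:
            seen_reset.add(rec["ip"])
        elif (rec["path"] == LOGIN_PATH and rec["method"] == "POST"
              and rec["ip"] in seen_reset and rec["ip"] not in flagged):
            flagged.append(rec["ip"])
    return flagged


if __name__ == "__main__":
    for h in find_reset_hits(SAMPLE_LOG):
        flag = "ok   " if h["allowlisted"] else "ALERT"
        print(f"{flag} {h['ts']} {h['ip']} {h['method']} {h['path']} -> {h['status']}")
    print("reset requests from outside the allowlist:", dict(suspicious_sources(SAMPLE_LOG)))
    print("reset followed by admin login:", reset_then_login(SAMPLE_LOG))
```

Run it against the real access log of the reverse proxy in front of Cicool (for example by replacing SAMPLE_LOG with the file contents). Any hit from outside the allowlist after the IP restriction is in place means the restriction is not being enforced where the traffic actually arrives; any source reported by reset_then_login warrants treating the administrator account as compromised.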

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This is a critical vulnerability that grants immediate administrative access with no credentials and no user interaction, so any internet-exposed Cicool builder 3.4.4 instance should be assumed to be at risk. All users of 3.4.4 should apply the vendor's security update without delay, and keep the administrator path restricted until that update is in place, to prevent administrator account takeover.