Vulnerability in Pimcore Admin-ui-classic-bundle

CVE-2025-24980

pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has b…

EPSS: 0.000 (0.9th percentile) — read the EPSS interpretation.

Affected products

Pimcore Admin-ui-classic-bundle — versions < 1.7.4

Weakness classification (CWE)

CWE-204 — Observable Response Discrepancy

References

https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24 (x_refsource_CONFIRM)
https://github.com/pimcore/admin-ui-classic-bundle/pull/808 (x_refsource_MISC)
https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9 (x_refsource_MISC)