Vulnerability in Jan Syski Megabip

CVE-2025-3895

Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute force these tokens and cha…

EPSS: 0.006 (70.5th percentile).

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-3895?
CVE-2025-3895 is a vulnerability in Jan Syski Megabip, classified under CWE-334. Published 2025-05-23.
Is CVE-2025-3895 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.