What is the severity of CVE-2025-22144?

CVE-2025-22144 has been rated as a high severity vulnerability due to the potential for unauthorized account access.

How do I fix CVE-2025-22144?

To fix CVE-2025-22144, update your NamelessMC installation to version 2.1.4 or later.

Who is affected by CVE-2025-22144?

CVE-2025-22144 affects users of NamelessMC versions prior to 2.1.4, specifically those with admincp.core.emails or admincp.users.edit permissions.

What type of vulnerability is CVE-2025-22144?

CVE-2025-22144 is a vulnerability involving improper access control that may allow an attacker to reset user passwords.

Can CVE-2025-22144 be exploited remotely?

Yes, CVE-2025-22144 can be exploited remotely by attackers with appropriate permissions.

Vulnerability/
CVE-2025-22144

critical

CWE

610

EPSS

0.043%

13/1/2025

CVE-2025-22144: Account Takeover in NamelessMC

First published: Mon Jan 13 2025(Updated: )

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
NamelessMC	<2.1.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-22144?
CVE-2025-22144 has been rated as a high severity vulnerability due to the potential for unauthorized account access.
How do I fix CVE-2025-22144?
To fix CVE-2025-22144, update your NamelessMC installation to version 2.1.4 or later.
Who is affected by CVE-2025-22144?
CVE-2025-22144 affects users of NamelessMC versions prior to 2.1.4, specifically those with admincp.core.emails or admincp.users.edit permissions.
What type of vulnerability is CVE-2025-22144?
CVE-2025-22144 is a vulnerability involving improper access control that may allow an attacker to reset user passwords.
Can CVE-2025-22144 be exploited remotely?
Yes, CVE-2025-22144 can be exploited remotely by attackers with appropriate permissions.

agent/title
agent/weakness
agent/first-publish-date
agent/references
agent/description
agent/type
agent/severity
agent/event
agent/author
collector/nvd-api
source/NVD
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/source
collector/epss-latest
source/FIRST
agent/epss
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/namelessmc
canonical/namelessmc

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.