CVE-2025-51741

Published: Nov 25, 2025

Modified: Nov 25, 2025

PUBLISHED

Description

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the downstream users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://echo.com

https://github.com/Veal98/Echo

https://gist.github.com/Paxsizy/9d92e8746778cf0926705d89b4f3618c

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-51741

Description

Affected Products

References