QwikSec

Security Database

CVE

CWE

Training

CVE-2025-62294

Published: Nov 20, 2025

Modified: Nov 20, 2025

PUBLISHED

Description

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time. This issue was fixed in version 1.55.

Vendor	Product	Versions
SOPlanning	SOPlanning	affected `0 - < 1.55`

Weaknesses (CWE)

References

https://cert.pl/en/posts/2025/11/CVE-2025-62293

third-party-advisory

https://www.soplanning.org/en/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.