We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-29773

Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover



Description

Froxlor is open-source server administration software. A vulnerability in versions prior to 2.2.6 allows users (such as resellers or customers) to create accounts with the same email address as an existing account. This creates potential issues with account identification and security. This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin. The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues. Version 2.2.6 fixes the issue.

Reserved 2025-03-11 | Published 2025-03-13 | Updated 2025-03-13 | Assigner GitHub_M


MEDIUM: 5.8CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Problem types

CWE-287: Improper Authentication

Product status

< 2.2.6
affected

References

github.com/...roxlor/security/advisories/GHSA-7j6w-p859-464f

github.com/...ommit/a43d53d54034805e3e404702a01312fa0c40b623

mega.nz/file/h8oFHQrL

cve.org (CVE-2025-29773)

nvd.nist.gov (CVE-2025-29773)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2025-29773

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.