Cyber Resilience

CVE-2025-12547

Severity: Low · Public PoC

Published: 31 October 2025
Modified: 29 April 2026
KEV Added: not listed
Patch: none referenced
CVSS v4 score: 2.9 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0019 (40.4th percentile)
Risk Priority: 6 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-12547 is a low-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in LogicalDOC (CPE vendor and product: logicaldoc). Its CVSS v4 base score is 2.9 (Low); the CVSS v3.1 base score is 3.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110). The CVE ranks at the 40.4th percentile by EPSS exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a referenced public proof of concept.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-12547 is a vulnerability in LogicalDOC Community Edition up to version 9.2.1, affecting unknown code in the /login.jsp file of the Admin Login Page component. It stems from improper restriction of excessive authentication attempts, mapped to CWE-307 (Improper Restriction of Excessive Authentication Attempts) and CWE-799 (Improper Control of Interaction Frequency). The issue carries a CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) and was published on 2025-10-31.

Remote unauthenticated attackers can exploit this vulnerability over the network without user interaction, though it requires high attack complexity, making exploitability difficult. Successful exploitation results in low-impact confidentiality disclosure, with no effects on integrity or availability.

VulDB advisories detail the issue and note that an exploit is publicly available via a GitHub Gist. The vendor was contacted early regarding disclosure but provided no response, and no patches or official mitigations are referenced.
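The weakness class in concrete form, as an added example that is neither LogicalDOC's code nor taken from the advisory: a minimal login handler that evaluates every attempt regardless of history (the CWE-307 pattern), beside a hardened handler that locks the account and the source address after a fixed number of consecutive failures (the behaviour NIST AC-7 asks for), with a small dictionary attack run against both. The credential store, the password, the wordlist, the thresholds and the handler names are all constructed for illustration.

```python
"""Added example, not LogicalDOC code: an unrestricted login handler (the
CWE-307 pattern) beside a handler with AC-7 style lockout, plus a dictionary
attack driver run against both. Credentials, wordlist, thresholds and names
are constructed for illustration."""
import hashlib
import hmac
import time

_SALT = b"constructed-salt"        # illustration only; use a per-user random salt in practice


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)


# Constructed credential store: username -> password hash
USERS = {"admin": _hash("Winter2025!")}


def verify_password(username: str, password: str) -> bool:
    stored = USERS.get(username)
    if stored is None:
        _hash(password)            # same cost for unknown users, so timing does not reveal them
        return False
    return hmac.compare_digest(stored, _hash(password))


class UnrestrictedLogin:
    """Vulnerable pattern: every attempt is checked, however many failed before it."""

    def login(self, username: str, password: str, source_ip: str) -> bool:
        return verify_password(username, password)


class LockoutLogin:
    """Hardened pattern: after MAX_FAILURES consecutive failures for an account
    or a source address within WINDOW seconds, that key is locked for LOCKOUT
    seconds and attempts are refused before the password is even checked."""

    MAX_FAILURES = 5
    WINDOW = 300      # seconds a failure counter stays alive
    LOCKOUT = 900     # seconds a locked key stays locked

    def __init__(self, clock=time.monotonic):
        self._clock = clock                # injectable so expiry can be tested
        self._failures = {}                # key -> (count, first_failure_time)
        self._locked_until = {}            # key -> time the lock expires

    @staticmethod
    def _keys(username: str, source_ip: str):
        return (f"user:{username}", f"ip:{source_ip}")

    def is_locked(self, username: str, source_ip: str) -> bool:
        now = self._clock()
        return any(self._locked_until.get(k, 0) > now for k in self._keys(username, source_ip))

    def login(self, username: str, password: str, source_ip: str) -> bool:
        now = self._clock()
        if self.is_locked(username, source_ip):
            return False                   # refused without evaluating the password
        ok = verify_password(username, password)
        for key in self._keys(username, source_ip):
            if ok:
                self._failures.pop(key, None)
                continue
            count, first = self._failures.get(key, (0, now))
            if now - first > self.WINDOW:  # stale counter: start a fresh window
                count, first = 0, now
            count += 1
            if count >= self.MAX_FAILURES:
                self._locked_until[key] = now + self.LOCKOUT
                self._failures.pop(key, None)
            else:
                self._failures[key] = (count, first)
        return ok


# Constructed wordlist; the real password is deliberately last.
WORDLIST = ["password", "admin", "123456", "letmein", "qwerty", "welcome", "Winter2025!"]


def dictionary_attack(handler, username="admin", source_ip="203.0.113.5"):
    """Try every word in order. Returns (password_found_or_None, attempts_sent)."""
    for attempts, guess in enumerate(WORDLIST, start=1):
        if handler.login(username, guess, source_ip):
            return guess, attempts
    return None, len(WORDLIST)


if __name__ == "__main__":
    print("unrestricted:", dictionary_attack(UnrestrictedLogin()))
    print("with lockout:", dictionary_attack(LockoutLogin()))
```

Against the unrestricted handler the seven-word list recovers the password on the last guess; against the lockout handler the fifth failure locks both the account and the address, so the two remaining guesses, including the correct one, are refused unread. Keying on the username alone lets an attacker lock the administrator out, and keying on the address alone is bypassed by spreading guesses across many addresses, which is why the example keys on both; a production deployment would add progressive delays or a CAPTCHA and log every refusal so the detection side has something to see.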

Vulnerability details

A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be executed remotely. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-799 Improper Control of Interaction Frequency

Related Threats

MITRE ATT&CK Enterprise Techniques

T1110 Brute Force (tactic: Credential Access)
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.
Why these techniques?

Vulnerability involves improper restriction of excessive authentication attempts, directly enabling brute-force attacks (T1110) on the admin login.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-54449: same product (LogicalDOC)
CVE-2024-54448: same product (LogicalDOC)
CVE-2026-32729: shared CWE-307, CWE-799
CVE-2025-14362: shared CWE-307
CVE-2025-69246: shared CWE-307
CVE-2026-2110: shared CWE-307, CWE-799
CVE-2026-35597: shared CWE-307
CVE-2026-45364: shared CWE-307
CVE-2025-23368: shared CWE-307
CVE-2025-69615: shared CWE-307

Affected Assets

Vendor: logicaldoc
Product: logicaldoc
Versions: ≤ 9.2.1

Mitigating Controls (NIST 800-53 r5)

AC-7 Unsuccessful Logon Attempts (prevent)
Directly enforces limits on consecutive unsuccessful logon attempts to the /login.jsp admin page, blocking the brute-force vector described in CVE-2025-12547.

AC-3 Access Enforcement (prevent)
Enforces the underlying access-control policy that should have rejected excessive authentication attempts against the login component.

Login event monitoring (detect)
Enables monitoring of authentication events on the exposed login page so that repeated failed attempts can be identified in real time.
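The detection control above in working form, as an added example that is not part of the advisory and not LogicalDOC's own tooling: a sliding-window detector run over constructed application authentication log lines. The line format, the addresses and the thresholds are assumptions for illustration, and only the regular expression needs to change for a real log source. It alerts once when a source address reaches a threshold of failed logins inside the window and, separately, when a login from that address succeeds while the window still holds that many failures, which is the case that matters most after an unthrottled brute force.

```python
"""Added example, not part of the advisory or LogicalDOC: a sliding-window
detector for repeated login failures, run over constructed log lines. The
line format, addresses and thresholds are assumptions for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an assumed application auth-log format. One address
# fails six times in five seconds, then succeeds; another fails twice, far apart.
SAMPLE_LOG = """\
2025-11-03T10:15:01Z INFO  auth login ok     user=alice ip=198.51.100.20
2025-11-03T10:15:04Z WARN  auth login failed user=admin ip=203.0.113.5
2025-11-03T10:15:05Z WARN  auth login failed user=admin ip=203.0.113.5
2025-11-03T10:15:06Z WARN  auth login failed user=admin ip=203.0.113.5
2025-11-03T10:15:07Z WARN  auth login failed user=admin ip=203.0.113.5
2025-11-03T10:15:08Z WARN  auth login failed user=admin ip=203.0.113.5
2025-11-03T10:15:09Z WARN  auth login failed user=admin ip=203.0.113.5
2025-11-03T10:15:12Z INFO  auth login ok     user=admin ip=203.0.113.5
2025-11-03T10:16:30Z WARN  auth login failed user=bob ip=198.51.100.20
2025-11-03T10:17:40Z WARN  auth login failed user=bob ip=198.51.100.20
2025-11-03T10:20:00Z WARN  auth login failed user=admin ip=203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\w+\s+auth login (?P<result>ok|failed)\s+"
    r"user=(?P<user>\S+)\s+ip=(?P<ip>\S+)$"
)


def parse(line: str):
    """Return (timestamp, success, user, ip), or None for a line in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"] == "ok", m["user"], m["ip"]


def detect(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Scan lines in order and return alerts:
      ("burst", ip, failures_in_window, distinct_users, ts)
          when an address reaches `threshold` failures inside `window` (once per burst);
      ("success_after_burst", ip, failures_in_window, user, ts)
          when a login from that address succeeds while the window still holds
          at least `threshold` failures, i.e. the brute force may have worked."""
    recent = defaultdict(deque)   # ip -> deque of (ts, user) for failures inside the window
    open_bursts = set()           # addresses already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue              # a real pipeline should count unparsed lines
        ts, ok, user, ip = rec
        q = recent[ip]
        while q and ts - q[0][0] > window:
            q.popleft()           # drop failures older than the window
        if ok:
            if len(q) >= threshold:
                alerts.append(("success_after_burst", ip, len(q), user, ts))
            continue
        q.append((ts, user))
        if len(q) >= threshold:
            if ip not in open_bursts:
                open_bursts.add(ip)
                alerts.append(("burst", ip, len(q), len({u for _, u in q}), ts))
        else:
            open_bursts.discard(ip)   # burst has drained; the next one alerts again
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

On the sample the detector raises exactly two alerts, both for 203.0.113.5: a burst at the fifth failure and a success_after_burst for the login that follows it; the two widely spaced failures from 198.51.100.20 never fill the window. The distinct_users field is what separates a single-account brute force (one user, many failures) from password spraying (many users, few failures each) when the same address is behind both.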
