Cyber Posture

CVE-2025-12547

Severity: Low · Public PoC

Published: 31 October 2025

Modified: 29 April 2026
KEV Added: not listed
Patch: none referenced
CVSS Score: 3.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0016 (36.8th percentile)
Risk Priority: 7 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-12547 is a low-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Logicaldoc Logicaldoc. Its CVSS base score is 3.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110). The CVE ranks at the 36.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Brute Force (T1110). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: AC-7 directly enforces limits on consecutive unsuccessful logon attempts, preventing brute-force attacks on the vulnerable Admin Login Page in LogicalDOC.

Prevent: SI-2 requires timely identification, reporting, and correction of system flaws such as the improper restriction of authentication attempts in /login.jsp.

Detect: SI-4 enables monitoring of the system to detect indicators of brute-force exploitation attempts targeting the vulnerable login functionality.

MITRE ATT&CK Enterprise Techniques [AI]

T1110 Brute Force (tactic: Credential Access)
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

Why these techniques?

The vulnerability involves improper restriction of excessive authentication attempts, directly enabling brute-force attacks (T1110) on the admin login.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be executed remotely. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysis [AI]

CVE-2025-12547 is a vulnerability in LogicalDOC Community Edition up to version 9.2.1, affecting unknown code in the /login.jsp file of the Admin Login Page component. It stems from improper restriction of excessive authentication attempts, mapped to CWE-307 (Improper Restriction of Excessive Authentication Attempts) and CWE-799 (Improper Control of Interaction Frequency). The issue carries a CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) and was published on 2025-10-31.

Remote unauthenticated attackers can exploit this vulnerability over the network without user interaction, though it requires high attack complexity, making exploitability difficult. Successful exploitation results in low-impact confidentiality disclosure, with no effects on integrity or availability.

VulDB advisories detail the issue and note that an exploit is publicly available via a GitHub Gist. The vendor was contacted early regarding disclosure but provided no response, and no patches or official mitigations are referenced.

Details

CWE(s): CWE-307 (Improper Restriction of Excessive Authentication Attempts), CWE-799 (Improper Control of Interaction Frequency)

Affected Products

Vendor: logicaldoc · Product: logicaldoc · Versions: ≤ 9.2.1

CVEs Like This One

CVE-2024-54448 (same product: Logicaldoc Logicaldoc)
CVE-2024-54449 (same product: Logicaldoc Logicaldoc)
CVE-2026-2110 (shared CWE-307, CWE-799)
CVE-2025-69246 (shared CWE-307)
CVE-2026-6947 (shared CWE-307)
CVE-2026-32729 (shared CWE-307, CWE-799)
CVE-2025-23368 (shared CWE-307)
CVE-2026-22278 (shared CWE-307)
CVE-2026-35597 (shared CWE-307)
CVE-2025-14362 (shared CWE-307)
