Cyber Resilience

CVE-2025-6216

Critical

Published: 21 June 2025
Modified: 18 August 2025
KEV Added: not listed
Patch: available; see the vendor advisories under Deeper analysis
CVSS v3 score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.4984 (97.9th percentile)
Risk priority: 50 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-6216 is a critical-severity Weak Password Recovery Mechanism for Forgotten Password (CWE-640) vulnerability in Alltena Allegra. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 2.1% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

Allegra contains an authentication bypass vulnerability in its password recovery mechanism, specifically within the calculateTokenExpDate function used to generate reset tokens. The flaw stems from reliance on a predictable value rather than a secure random one, enabling attackers to forge valid tokens. It affects multiple versions of the Allegra application prior to the fixes noted in the vendor's release documentation.
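As an added illustration (not Allegra's code; class and method names are assumed), a reset-token issuer that avoids the CWE-640 pattern described above: the token is drawn from the OS CSPRNG rather than derived from a timestamp, only its hash is stored, and the expiry is kept server-side instead of being folded into the token.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # short validity window for a reset link
TOKEN_BYTES = 32             # 256 bits of CSPRNG entropy per token


class PasswordResetService:
    """Issues and verifies single-use password-reset tokens (hypothetical API)."""

    def __init__(self, now=time.time):
        self._now = now           # injectable clock for testing
        self._pending = {}        # user_id -> (sha256 hex of token, expiry timestamp)

    def issue_token(self, user_id):
        # The token is unpredictable: it comes from secrets (CSPRNG), so knowing
        # when the reset was requested reveals nothing about its value.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        # Expiry is recorded server-side; it is not encoded into the token.
        expires_at = self._now() + TOKEN_TTL_SECONDS
        self._pending[user_id] = (self._hash(token), expires_at)
        return token  # delivered out of band (e.g. e-mail); never stored in clear

    def verify_token(self, user_id, presented):
        record = self._pending.get(user_id)
        if record is None:
            return False
        digest, expires_at = record
        if self._now() > expires_at:
            del self._pending[user_id]   # expired tokens are discarded
            return False
        ok = hmac.compare_digest(digest, self._hash(presented))  # constant-time
        if ok:
            del self._pending[user_id]   # single use: a token cannot be replayed
        return ok

    @staticmethod
    def _hash(token):
        # A database leak must not expose usable tokens, so store a hash only.
        return hashlib.sha256(token.encode()).hexdigest()
```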

Remote, unauthenticated attackers can exploit the issue over the network to bypass authentication entirely and gain unauthorized access to affected installations. Successful exploitation allows full compromise of user accounts through the password reset process, with no user interaction or credentials required. The vulnerability received a CVSS v3 score of 9.8 and is tracked as ZDI-CAN-27104.

Vendor advisories recommend upgrading to Allegra release 8.1.4 or 7.5.2, as detailed in the official release notes. The corresponding Zero Day Initiative advisory ZDI-25-410 provides additional technical context on the flaw.

The EPSS score rose from lower values to a peak of 0.5306 on 2026-04-29 before receding to the current 0.4984, indicating emerging exploitation interest after disclosure.


Vulnerability details

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104.

CWE(s): CWE-640 (Weak Password Recovery Mechanism for Forgotten Password)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: alltena
Product: allegra
Affected versions: 7.0.0 through 7.5.2.70, and 8.0.0 through 8.1.24

Mitigating Controls

Likely mitigating controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-640: establishing procedures for lost or compromised authenticators addresses weak password recovery mechanisms.
